Use model for db defaults as sqlite doesn't support them

OpenIDC: Trigger the change event of the "restrict users" toggle when enabling/disabling oidc.
If this is not triggered and the OIDC toggle is enabled, the "disabled" property will be removed from the restricted user list input, causing an error when trying to submit the form without it.
2021-09-09 08:12:50 +10:00 · 2021-09-09 08:12:50 +10:00 · 2021-09-09 08:12:50 +10:00 · 2021-09-09 08:12:50 +10:00 · 2021-09-09 08:12:50 +10:00 · 2021-09-09 08:12:50 +10:00
46 changed files with 1681 additions and 1239 deletions
--- a/.version
+++ b/.version
@ -1 +1 @@
-2.9.13
+2.9.8
--- a/2
+++ b/2
@ -68,7 +68,7 @@ pipeline {
 					-v "$(pwd)/global:/app/global" \\
 					-w /app \\
 					node:latest \\
-					sh -c "ln -s /usr/bin/python3 /usr/bin/python && yarn install && yarn eslint . && rm -rf node_modules"
+					sh -c "yarn install && yarn eslint . && rm -rf node_modules"
 				'''
 				echo 'Docker Build ...'
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.9.13-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.9.8-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
@ -74,12 +74,28 @@ services:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./data/mysql:/var/lib/mysql
 ```
-3. Bring up your stack by running
+3. Bring up your stack
 ```bash
 docker-compose up -d
@ -467,30 +483,6 @@ Special thanks to the following contributors:
 				<br /><sub><b>Florian Meinicke</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/ssrahul96">
 				<img src="https://avatars.githubusercontent.com/u/15570570?v=4" width="80" alt=""/>
 				<br /><sub><b>Rahul Somasundaram</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/BjoernAkAManf">
 				<img src="https://avatars.githubusercontent.com/u/833043?v=4" width="80" alt=""/>
 				<br /><sub><b>Björn Heinrichs</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/realJoshByrnes">
 				<img src="https://avatars.githubusercontent.com/u/204185?v=4" width="80" alt=""/>
 				<br /><sub><b>Josh Byrnes</b></sub>
 			</a>
 		</td>
 		<td align="center">
 			<a href="https://github.com/bergi9">
 				<img src="https://avatars.githubusercontent.com/u/5556750?v=4" width="80" alt=""/>
 				<br /><sub><b>bergi9</b></sub>
 			</a>
 		</td>
 	</tr>
 </table>
 <!-- markdownlint-enable -->
--- a/backend/app.js
+++ b/backend/app.js
@ -40,12 +40,13 @@ app.use(function (req, res, next) {
 	}
 	res.set({
-		'X-XSS-Protection':       '1; mode=block',
+		'Strict-Transport-Security': 'includeSubDomains; max-age=631138519; preload',
-		'X-Content-Type-Options': 'nosniff',
+		'X-XSS-Protection':          '1; mode=block',
-		'X-Frame-Options':        x_frame_options,
+		'X-Content-Type-Options':    'nosniff',
-		'Cache-Control':          'no-cache, no-store, max-age=0, must-revalidate',
+		'X-Frame-Options':           x_frame_options,
-		Pragma:                   'no-cache',
+		'Cache-Control':             'no-cache, no-store, max-age=0, must-revalidate',
-		Expires:                  0
+		Pragma:                      'no-cache',
 		Expires:                     0
 	});
 	next();
 });
@ -74,7 +75,7 @@ app.use(function (err, req, res, next) {
 	// Not every error is worth logging - but this is good for now until it gets annoying.
 	if (typeof err.stack !== 'undefined' && err.stack) {
-		if (process.env.NODE_ENV === 'development' || process.env.DEBUG) {
+		if (process.env.NODE_ENV === 'development') {
 			log.debug(err.stack);
 		} else if (typeof err.public == 'undefined' || !err.public) {
 			log.warn(err.message);
--- a/backend/index.js
+++ b/backend/index.js
@ -44,85 +44,84 @@ async function appStart () {
 async function createDbConfigFromEnvironment() {
 	return new Promise((resolve, reject) => {
-		const envMysqlHost = process.env.DB_MYSQL_HOST || null;
+		const envMysqlHost  = process.env.DB_MYSQL_HOST || null;
-		const envMysqlPort = process.env.DB_MYSQL_PORT || null;
+		const envMysqlPort  = process.env.DB_MYSQL_PORT || null;
-		const envMysqlUser = process.env.DB_MYSQL_USER || null;
+		const envMysqlUser  = process.env.DB_MYSQL_USER || null;
-		const envMysqlName = process.env.DB_MYSQL_NAME || null;
+		const envMysqlName  = process.env.DB_MYSQL_NAME || null;
-		let envSqliteFile  = process.env.DB_SQLITE_FILE || null;
+		const envSqliteFile = process.env.DB_SQLITE_FILE || null;
-		const fs       = require('fs');
+		if ((envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) || envSqliteFile) {
-		const filename = (process.env.NODE_CONFIG_DIR || './config') + '/' + (process.env.NODE_ENV || 'default') + '.json';
+			const fs       = require('fs');
-		let configData = {};
+			const filename = (process.env.NODE_CONFIG_DIR || './config') + '/' + (process.env.NODE_ENV || 'default') + '.json';
 			let configData = {};
-		try {
+			try {
-			configData = require(filename);
+				configData = require(filename);
-		} catch (err) {
+			} catch (err) {
-			// do nothing
+				// do nothing
-		}
+			}
-		if (configData.database && configData.database.engine && !configData.database.fromEnv) {
+			if (configData.database && configData.database.engine && !configData.database.fromEnv) {
-			logger.info('Manual db configuration already exists, skipping config creation from environment variables');
+				logger.info('Manual db configuration already exists, skipping config creation from environment variables');
 			resolve();
 			return;
 		}
 		if ((!envMysqlHost || !envMysqlPort || !envMysqlUser || !envMysqlName) && !envSqliteFile){
 			envSqliteFile = '/data/database.sqlite';
 			logger.info(`No valid environment variables for database provided, using default SQLite file '${envSqliteFile}'`);
 		}
 		if (envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) {
 			const newConfig = {
 				fromEnv:  true,
 				engine:   'mysql',
 				host:     envMysqlHost,
 				port:     envMysqlPort,
 				user:     envMysqlUser,
 				password: process.env.DB_MYSQL_PASSWORD,
 				name:     envMysqlName,
 			};
 			if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
 				// Config is unchanged, skip overwrite
 				resolve();
 				return;
 			}
-			logger.info('Generating MySQL knex configuration from environment variables');
+			if (envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) {
-			configData.database = newConfig;
+				const newConfig = {
 					fromEnv:  true,
 					engine:   'mysql',
 					host:     envMysqlHost,
 					port:     envMysqlPort,
 					user:     envMysqlUser,
 					password: process.env.DB_MYSQL_PASSWORD,
 					name:     envMysqlName,
 				};
-		} else {
+				if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
-			const newConfig = {
+					// Config is unchanged, skip overwrite
-				fromEnv: true,
+					resolve();
-				engine:  'knex-native',
+					return;
 				knex:    {
 					client:     'sqlite3',
 					connection: {
 						filename: envSqliteFile
 					},
 					useNullAsDefault: true
 				}
 			};
 			if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
 				// Config is unchanged, skip overwrite
 				resolve();
 				return;
 			}
-			logger.info('Generating SQLite knex configuration');
+				logger.info('Generating MySQL db configuration from environment variables');
-			configData.database = newConfig;
+				configData.database = newConfig;
 		}
 		// Write config
 		fs.writeFile(filename, JSON.stringify(configData, null, 2), (err) => {
 			if (err) {
 				logger.error('Could not write db config to config file: ' + filename);
 				reject(err);
 			} else {
-				logger.debug('Wrote db configuration to config file: ' + filename);
+				const newConfig = {
-				resolve();
+					fromEnv: true,
 					engine:  'knex-native',
 					knex:    {
 						client:     'sqlite3',
 						connection: {
 							filename: envSqliteFile
 						},
 						useNullAsDefault: true
 					}
 				};
 				if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
 					// Config is unchanged, skip overwrite
 					resolve();
 					return;
 				}
 				logger.info('Generating Sqlite db configuration from environment variables');
 				configData.database = newConfig;
 			}
-		});
+
 			// Write config
 			fs.writeFile(filename, JSON.stringify(configData, null, 2), (err) => {
 				if (err) {
 					logger.error('Could not write db config to config file: ' + filename);
 					reject(err);
 				} else {
 					logger.info('Wrote db configuration to config file: ' + filename);
 					resolve();
 				}
 			});
 		} else {
 			resolve();
 		}
 	});
 }
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@ -1,6 +1,5 @@
 const _                  = require('lodash');
 const fs                 = require('fs');
 const https              = require('https');
 const tempWrite          = require('temp-write');
 const moment             = require('moment');
 const logger             = require('../logger').ssl;
@ -16,7 +15,6 @@ const letsencryptConfig  = '/etc/letsencrypt.ini';
 const certbotCommand     = 'certbot';
 const archiver           = require('archiver');
 const path               = require('path');
 const { isArray }        = require('lodash');
 function omissions() {
 	return ['is_deleted'];
@ -116,7 +114,7 @@ const internalCertificate = {
 				data.owner_user_id = access.token.getUserId(1);
 				if (data.provider === 'letsencrypt') {
-					data.nice_name = data.domain_names.join(', ');
+					data.nice_name = data.domain_names.sort().join(', ');
 				}
 				return certificateModel
@ -834,7 +832,7 @@ const internalCertificate = {
 	requestLetsEncryptSsl: (certificate) => {
 		logger.info('Requesting Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-		const cmd = certbotCommand + ' certonly ' +
+		const cmd = certbotCommand + ' certonly --non-interactive ' +
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--agree-tos ' +
@ -871,13 +869,12 @@ const internalCertificate = {
 		const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
 		const credentialsCmd      = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
-		const prepareCmd          = 'pip install ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies;
+		const prepareCmd          = 'pip install ' + dns_plugin.package_name + '==' + dns_plugin.package_version + ' ' + dns_plugin.dependencies;
 		// Whether the plugin has a --<name>-credentials argument
 		const hasConfigArg = certificate.meta.dns_provider !== 'route53';
-		let mainCmd = certbotCommand + ' certonly ' +
+		let mainCmd = certbotCommand + ' certonly --non-interactive ' +
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--agree-tos ' +
 			'--email "' + certificate.meta.letsencrypt_email + '" ' +
@ -972,11 +969,10 @@ const internalCertificate = {
 	renewLetsEncryptSsl: (certificate) => {
 		logger.info('Renewing Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-		const cmd = certbotCommand + ' renew --force-renewal ' +
+		const cmd = certbotCommand + ' renew --force-renewal --non-interactive ' +
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
 			'--preferred-challenges "dns,http" ' +
 			'--no-random-sleep-on-renew ' +
 			'--disable-hook-validation ' +
 			(letsencryptStaging ? '--staging' : '');
@ -1002,11 +998,9 @@ const internalCertificate = {
 		logger.info(`Renewing Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
-		let mainCmd = certbotCommand + ' renew ' +
+		let mainCmd = certbotCommand + ' renew --non-interactive ' +
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-name "npm-' + certificate.id + '" ' +
-			'--disable-hook-validation ' +
+			'--disable-hook-validation' +
 			'--no-random-sleep-on-renew ' +
 			(letsencryptStaging ? ' --staging' : '');
 		// Prepend the path to the credentials file as an environment variable
@ -1032,8 +1026,7 @@ const internalCertificate = {
 	revokeLetsEncryptSsl: (certificate, throw_errors) => {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-		const mainCmd = certbotCommand + ' revoke ' +
+		const mainCmd = certbotCommand + ' revoke --non-interactive ' +
 			'--config "' + letsencryptConfig + '" ' +
 			'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
 			'--delete-after-revoke ' +
 			(letsencryptStaging ? '--staging' : '');
@ -1126,94 +1119,6 @@ const internalCertificate = {
 		} else {
 			return Promise.resolve();
 		}
 	},
 	testHttpsChallenge: async (access, domains) => {
 		await access.can('certificates:list');
 		if (!isArray(domains)) {
 			throw new error.InternalValidationError('Domains must be an array of strings');
 		}
 		if (domains.length === 0) {
 			throw new error.InternalValidationError('No domains provided');
 		}
 		// Create a test challenge file
 		const testChallengeDir  = '/data/letsencrypt-acme-challenge/.well-known/acme-challenge';
 		const testChallengeFile = testChallengeDir + '/test-challenge';
 		fs.mkdirSync(testChallengeDir, {recursive: true});
 		fs.writeFileSync(testChallengeFile, 'Success', {encoding: 'utf8'});
 		async function performTestForDomain (domain) {
 			logger.info('Testing http challenge for ' + domain);
 			const url      = `http://${domain}/.well-known/acme-challenge/test-challenge`;
 			const formBody = `method=G&url=${encodeURI(url)}&bodytype=T&requestbody=&headername=User-Agent&headervalue=None&locationid=1&ch=false&cc=false`;
 			const options  = {
 				method:  'POST',
 				headers: {
 					'Content-Type':   'application/x-www-form-urlencoded',
 					'Content-Length': Buffer.byteLength(formBody)
 				}
 			};
 			const result = await new Promise((resolve) => {
 				const req = https.request('https://www.site24x7.com/tools/restapi-tester', options, function (res) {
 					let responseBody = '';
 					res.on('data', (chunk) => responseBody = responseBody + chunk);
 					res.on('end', function () {
 						const parsedBody = JSON.parse(responseBody + '');
 						if (res.statusCode !== 200) {
 							logger.warn(`Failed to test HTTP challenge for domain ${domain}`, res);
 							resolve(undefined);
 						}
 						resolve(parsedBody);
 					});
 				});
 				// Make sure to write the request body.
 				req.write(formBody);
 				req.end();
 				req.on('error', function (e) { logger.warn(`Failed to test HTTP challenge for domain ${domain}`, e);
 					resolve(undefined); });
 			});
 			if (!result) {
 				// Some error occurred while trying to get the data
 				return 'failed';
 			} else if (`${result.responsecode}` === '200' && result.htmlresponse === 'Success') {
 				// Server exists and has responded with the correct data
 				return 'ok';
 			} else if (`${result.responsecode}` === '200') {
 				// Server exists but has responded with wrong data
 				logger.info(`HTTP challenge test failed for domain ${domain} because of invalid returned data:`, result.htmlresponse);
 				return 'wrong-data';
 			} else if (`${result.responsecode}` === '404') {
 				// Server exists but responded with a 404
 				logger.info(`HTTP challenge test failed for domain ${domain} because code 404 was returned`);
 				return '404';
 			} else if (`${result.responsecode}` === '0' || (typeof result.reason === 'string' && result.reason.toLowerCase() === 'host unavailable')) {
 				// Server does not exist at domain
 				logger.info(`HTTP challenge test failed for domain ${domain} the host was not found`);
 				return 'no-host';
 			} else {
 				// Other errors
 				logger.info(`HTTP challenge test failed for domain ${domain} because code ${result.responsecode} was returned`);
 				return `other:${result.responsecode}`;
 			}
 		}
 		const results = {};
 		for (const domain of domains){
 			results[domain] = await performTestForDomain(domain);
 		}
 		// Remove the test challenge file
 		fs.unlinkSync(testChallengeFile);
 		return results;
 	}
 };
--- a/backend/migrations/20200522113248_openid_connect.js
+++ b/backend/migrations/20200522113248_openid_connect.js
@ -0,0 +1,48 @@
 const migrate_name = 'openid_connect';
 const logger       = require('../logger').migrate;
 /**
 * Migrate
 *
 * @see http://knexjs.org/#Schema
 *
 * @param   {Object}  knex
 * @param   {Promise} Promise
 * @returns {Promise}
 */
 exports.up = function (knex/*, Promise*/) {
 	logger.info('[' + migrate_name + '] Migrating Up...');
 	return knex.schema.table('proxy_host', function (proxy_host) {
 		proxy_host.integer('openidc_enabled').notNull().unsigned().defaultTo(0);
 		proxy_host.text('openidc_redirect_uri').notNull().defaultTo('');
 		proxy_host.text('openidc_discovery').notNull().defaultTo('');
 		proxy_host.text('openidc_auth_method').notNull().defaultTo('');
 		proxy_host.text('openidc_client_id').notNull().defaultTo('');
 		proxy_host.text('openidc_client_secret').notNull().defaultTo('');
 	})
 		.then(() => {
 			logger.info('[' + migrate_name + '] proxy_host Table altered');
 		});
 };
 /**
 * Undo Migrate
 *
 * @param   {Object}  knex
 * @param   {Promise} Promise
 * @returns {Promise}
 */
 exports.down = function (knex/*, Promise*/) {
 	return knex.schema.table('proxy_host', function (proxy_host) {
 		proxy_host.dropColumn('openidc_enabled');
 		proxy_host.dropColumn('openidc_redirect_uri');
 		proxy_host.dropColumn('openidc_discovery');
 		proxy_host.dropColumn('openidc_auth_method');
 		proxy_host.dropColumn('openidc_client_id');
 		proxy_host.dropColumn('openidc_client_secret');
 	})
 		.then(() => {
 			logger.info('[' + migrate_name + '] proxy_host Table altered');
 		});
 };
--- a/backend/migrations/20200522144240_openid_allowed_users.js
+++ b/backend/migrations/20200522144240_openid_allowed_users.js
@ -0,0 +1,40 @@
 const migrate_name = 'openid_allowed_users';
 const logger       = require('../logger').migrate;
 /**
 * Migrate
 *
 * @see http://knexjs.org/#Schema
 *
 * @param   {Object}  knex
 * @param   {Promise} Promise
 * @returns {Promise}
 */
 exports.up = function (knex/*, Promise*/) {
 	logger.info('[' + migrate_name + '] Migrating Up...');
 	return knex.schema.table('proxy_host', function (proxy_host) {
 		proxy_host.integer('openidc_restrict_users_enabled').notNull().unsigned().defaultTo(0);
 		proxy_host.json('openidc_allowed_users').notNull().defaultTo([]);
 	})
 		.then(() => {
 			logger.info('[' + migrate_name + '] proxy_host Table altered');
 		});
 };
 /**
 * Undo Migrate
 *
 * @param   {Object}  knex
 * @param   {Promise} Promise
 * @returns {Promise}
 */
 exports.down = function (knex/*, Promise*/) {
 	return knex.schema.table('proxy_host', function (proxy_host) {
 		proxy_host.dropColumn('openidc_restrict_users_enabled');
 		proxy_host.dropColumn('openidc_allowed_users');
 	})
 		.then(() => {
 			logger.info('[' + migrate_name + '] proxy_host Table altered');
 		});
 };
--- a/backend/migrations/20211108145214_regenerate_default_host.js
+++ b/backend/migrations/20211108145214_regenerate_default_host.js
@ -1,50 +0,0 @@
 const migrate_name  = 'stream_domain';
 const logger        = require('../logger').migrate;
 const internalNginx = require('../internal/nginx');
 async function regenerateDefaultHost(knex) {
 	const row = await knex('setting').select('*').where('id', 'default-site').first();
 	if (!row) {
 		return Promise.resolve();
 	}
 	return internalNginx.deleteConfig('default')
 		.then(() => {
 			return internalNginx.generateConfig('default', row);
 		})
 		.then(() => {
 			return internalNginx.test();
 		})
 		.then(() => {
 			return internalNginx.reload();
 		});
 }
 /**
 	* Migrate
 	*
 	* @see http://knexjs.org/#Schema
 	*
 	* @param   {Object} knex
 	* @param   {Promise} Promise
 	* @returns {Promise}
 	*/
 exports.up = function (knex) {
 	logger.info('[' + migrate_name + '] Migrating Up...');
 	return regenerateDefaultHost(knex);
 };
 /**
 	* Undo Migrate
 	*
 	* @param   {Object} knex
 	* @param   {Promise} Promise
 	* @returns {Promise}
 	*/
 exports.down = function (knex) {
 	logger.info('[' + migrate_name + '] Migrating Down...');
 	return regenerateDefaultHost(knex);
 };
--- a/backend/models/proxy_host.js
+++ b/backend/models/proxy_host.js
@ -20,12 +20,23 @@ class ProxyHost extends Model {
 			this.domain_names = [];
 		}
 		// Default for openidc_allowed_users
 		if (typeof this.openidc_allowed_users === 'undefined') {
 			this.openidc_allowed_users = [];
 		}
 		// Default for meta
 		if (typeof this.meta === 'undefined') {
 			this.meta = {};
 		}
 		// Openidc defaults
 		if (typeof this.openidc_auth_method === 'undefined') {
 			this.openidc_auth_method = 'client_secret_post';
 		}
 		this.domain_names.sort();
 		this.openidc_allowed_users.sort();
 	}
 	$beforeUpdate () {
@ -35,6 +46,11 @@ class ProxyHost extends Model {
 		if (typeof this.domain_names !== 'undefined') {
 			this.domain_names.sort();
 		}
 		// Sort openidc_allowed_users
 		if (typeof this.openidc_allowed_users !== 'undefined') {
 			this.openidc_allowed_users.sort();
 		}
 	}
 	static get name () {
@ -46,7 +62,7 @@ class ProxyHost extends Model {
 	}
 	static get jsonAttributes () {
-		return ['domain_names', 'meta', 'locations'];
+		return ['domain_names', 'meta', 'locations', 'openidc_allowed_users'];
 	}
 	static get relationMappings () {
--- a/backend/package.json
+++ b/backend/package.json
@ -11,9 +11,11 @@
 		"body-parser": "^1.19.0",
 		"compression": "^1.7.4",
 		"config": "^3.3.1",
 		"diskdb": "^0.1.17",
 		"express": "^4.17.1",
 		"express-fileupload": "^1.1.9",
 		"gravatar": "^1.8.0",
 		"html-entities": "^1.2.1",
 		"json-schema-ref-parser": "^8.0.0",
 		"jsonwebtoken": "^8.5.1",
 		"knex": "^0.20.13",
@ -23,11 +25,14 @@
 		"mysql": "^2.18.1",
 		"node-rsa": "^1.0.8",
 		"nodemon": "^2.0.2",
-		"objection": "^2.2.16",
+		"objection": "^2.1.3",
 		"path": "^0.12.7",
 		"pg": "^7.12.1",
 		"restler": "^3.4.0",
 		"signale": "^1.4.0",
 		"sqlite3": "^4.1.1",
-		"temp-write": "^4.0.0"
+		"temp-write": "^4.0.0",
 		"unix-timestamp": "^0.2.0"
 	},
 	"signale": {
 		"displayDate": true,
--- a/backend/routes/api/nginx/certificates.js
+++ b/backend/routes/api/nginx/certificates.js
@ -68,32 +68,6 @@ router
 			.catch(next);
 	});
 /**
 * Test HTTP challenge for domains
 *
 * /api/nginx/certificates/test-http
 */
 router
 	.route('/test-http')
 	.options((req, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
 /**
 * GET /api/nginx/certificates/test-http
 *
 * Test HTTP challenge for domains
 */
 	.get((req, res, next) => {
 		internalCertificate.testHttpsChallenge(res.locals.access, JSON.parse(req.query.domains))
 			.then((result) => {
 				res.status(200)
 					.send(result);
 			})
 			.catch(next);
 	});
 /**
 * Specific certificate
 *
@ -235,6 +209,7 @@ router
 			.catch(next);
 	});
 /**
 * Download LE Certs
 *
--- a/backend/schema/definitions.json
+++ b/backend/schema/definitions.json
@ -153,7 +153,7 @@
      "example": "john@example.com",
      "format": "email",
      "type": "string",
-      "minLength": 6,
+      "minLength": 8,
      "maxLength": 100
    },
    "password": {
@ -235,6 +235,43 @@
      "description": "Should we cache assets",
      "example": true,
      "type": "boolean"
    },
    "openidc_enabled": {
      "description": "Is OpenID Connect authentication enabled",
      "example": true,
      "type": "boolean"
    },
    "openidc_redirect_uri": {
      "type": "string"
    },
    "openidc_discovery": {
      "type": "string"
    },
    "openidc_auth_method": {
      "type": "string",
      "pattern": "^(client_secret_basic|client_secret_post)$"
    },
    "openidc_client_id": {
      "type": "string"
    },
    "openidc_client_secret": {
      "type": "string"
    },
    "openidc_restrict_users_enabled": {
      "description": "Only allow a specific set of OpenID Connect emails to access the resource",
      "example": true,
      "type": "boolean"
    },
    "openidc_allowed_users": {
      "type": "array",
      "minItems": 0,
      "items": {
        "type": "string",
        "description": "Email Address",
        "example": "john@example.com",
        "format": "email",
        "minLength": 1
      }
    }
  }
 }
--- a/backend/schema/endpoints/certificates.json
+++ b/backend/schema/endpoints/certificates.json
@ -157,17 +157,6 @@
      "targetSchema": {
        "type": "boolean"
      }
    },
    {
      "title": "Test HTTP Challenge",
      "description": "Tests whether the HTTP challenge should work",
      "href": "/nginx/certificates/{definitions.identity.example}/test-http",
      "access": "private",
      "method": "GET",
      "rel": "info",
      "http_header": {
        "$ref": "../examples.json#/definitions/auth_header"
      }
    }
  ]
 }
--- a/backend/schema/endpoints/proxy-hosts.json
+++ b/backend/schema/endpoints/proxy-hosts.json
@ -64,6 +64,30 @@
    "advanced_config": {
      "type": "string"
    },
    "openidc_enabled": {
      "$ref": "../definitions.json#/definitions/openidc_enabled"
    },
    "openidc_redirect_uri": {
      "$ref": "../definitions.json#/definitions/openidc_redirect_uri"
    },
    "openidc_discovery": {
      "$ref": "../definitions.json#/definitions/openidc_discovery"
    },
    "openidc_auth_method": {
      "$ref": "../definitions.json#/definitions/openidc_auth_method"
    },
    "openidc_client_id": {
      "$ref": "../definitions.json#/definitions/openidc_client_id"
    },
    "openidc_client_secret": {
      "$ref": "../definitions.json#/definitions/openidc_client_secret"
    },
    "openidc_restrict_users_enabled": {
      "$ref": "../definitions.json#/definitions/openidc_restrict_users_enabled"
    },
    "openidc_allowed_users": {
      "$ref": "../definitions.json#/definitions/openidc_allowed_users"
    },
    "enabled": {
      "$ref": "../definitions.json#/definitions/enabled"
    },
@ -161,6 +185,30 @@
    "advanced_config": {
      "$ref": "#/definitions/advanced_config"
    },
    "openidc_enabled": {
      "$ref": "#/definitions/openidc_enabled"
    },
    "openidc_redirect_uri": {
      "$ref": "#/definitions/openidc_redirect_uri"
    },
    "openidc_discovery": {
      "$ref": "#/definitions/openidc_discovery"
    },
    "openidc_auth_method": {
      "$ref": "#/definitions/openidc_auth_method"
    },
    "openidc_client_id": {
      "$ref": "#/definitions/openidc_client_id"
    },
    "openidc_client_secret": {
      "$ref": "#/definitions/openidc_client_secret"
    },
    "openidc_restrict_users_enabled": {
      "$ref": "#/definitions/openidc_restrict_users_enabled"
    },
    "openidc_allowed_users": {
      "$ref": "#/definitions/openidc_allowed_users"
    },
    "enabled": {
      "$ref": "#/definitions/enabled"
    },
@ -251,6 +299,30 @@
          "advanced_config": {
            "$ref": "#/definitions/advanced_config"
          },
          "openidc_enabled": {
            "$ref": "#/definitions/openidc_enabled"
          },
          "openidc_redirect_uri": {
            "$ref": "#/definitions/openidc_redirect_uri"
          },
          "openidc_discovery": {
            "$ref": "#/definitions/openidc_discovery"
          },
          "openidc_auth_method": {
            "$ref": "#/definitions/openidc_auth_method"
          },
          "openidc_client_id": {
            "$ref": "#/definitions/openidc_client_id"
          },
          "openidc_client_secret": {
            "$ref": "#/definitions/openidc_client_secret"
          },
          "openidc_restrict_users_enabled": {
            "$ref": "#/definitions/openidc_restrict_users_enabled"
          },
          "openidc_allowed_users": {
            "$ref": "#/definitions/openidc_allowed_users"
          },
          "enabled": {
            "$ref": "#/definitions/enabled"
          },
@ -324,6 +396,30 @@
          "advanced_config": {
            "$ref": "#/definitions/advanced_config"
          },
          "openidc_enabled": {
            "$ref": "#/definitions/openidc_enabled"
          },
          "openidc_redirect_uri": {
            "$ref": "#/definitions/openidc_redirect_uri"
          },
          "openidc_discovery": {
            "$ref": "#/definitions/openidc_discovery"
          },
          "openidc_auth_method": {
            "$ref": "#/definitions/openidc_auth_method"
          },
          "openidc_client_id": {
            "$ref": "#/definitions/openidc_client_id"
          },
          "openidc_client_secret": {
            "$ref": "#/definitions/openidc_client_secret"
          },
          "openidc_restrict_users_enabled": {
            "$ref": "#/definitions/openidc_restrict_users_enabled"
          },
          "openidc_allowed_users": {
            "$ref": "#/definitions/openidc_allowed_users"
          },
          "enabled": {
            "$ref": "#/definitions/enabled"
          },
--- a/backend/setup.js
+++ b/backend/setup.js
@ -175,7 +175,7 @@ const setupCertbotPlugins = () => {
 				certificates.map(function (certificate) {
 					if (certificate.meta && certificate.meta.dns_challenge === true) {
 						const dns_plugin          = dns_plugins[certificate.meta.dns_provider];
-						const packages_to_install = `${dns_plugin.package_name}${dns_plugin.version_requirement || ''} ${dns_plugin.dependencies}`;
+						const packages_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version} ${dns_plugin.dependencies}`;
 						if (plugins.indexOf(packages_to_install) === -1) plugins.push(packages_to_install);
--- a/backend/templates/_location.conf
+++ b/backend/templates/_location.conf
@ -1,10 +1,11 @@
  location {{ path }} {
    set              $upstream {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP		$remote_addr;
-    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
+    proxy_pass       $upstream;
    {% if access_list_id > 0 %}
    {% if access_list.items.length > 0 %}
--- a/backend/templates/_openid_connect.conf
+++ b/backend/templates/_openid_connect.conf
@ -0,0 +1,47 @@
 {% if openidc_enabled == 1 or openidc_enabled == true -%}
    access_by_lua_block {
 	    local openidc = require("resty.openidc")
        local opts = {
            redirect_uri = "{{- openidc_redirect_uri -}}",
            discovery = "{{- openidc_discovery -}}",
            token_endpoint_auth_method = "{{- openidc_auth_method -}}",
            client_id = "{{- openidc_client_id -}}",
            client_secret = "{{- openidc_client_secret -}}",
            scope = "openid email profile"
        }
        local res, err = openidc.authenticate(opts)
        if err then
            ngx.status = 500
            ngx.say(err)
            ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
        end
        {% if openidc_restrict_users_enabled == 1 or openidc_restrict_users_enabled == true -%}
        local function contains(table, val)
            for i=1,#table do
                if table[i] == val then 
                    return true
                end
            end
            return false
        end
        local allowed_users = {
            {% for user in openidc_allowed_users %}
                "{{ user }}",
            {% endfor %}
        }
        if not contains(allowed_users, res.id_token.email) then
            ngx.exit(ngx.HTTP_FORBIDDEN)
        end
        {% endif -%}
        ngx.req.set_header("X-OIDC-SUB", res.id_token.sub)
        ngx.req.set_header("X-OIDC-EMAIL", res.id_token.email)
        ngx.req.set_header("X-OIDC-NAME", res.id_token.name)
    }
 {% endif %}
--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@ -51,7 +51,8 @@ proxy_http_version 1.1;
    {% endif %}
-{% include "_hsts.conf" %}
+    {% include "_openid_connect.conf" %}
    {% include "_hsts.conf" %}
    {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
    proxy_set_header Upgrade $http_upgrade;
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@ -77,10 +77,10 @@ acorn@^7.1.1:
  resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.0.tgz#e1ad486e6c54501634c6c397c5c121daa383607c"
  integrity sha512-+G7P8jJmCHr+S+cLfQxygbWhXy+8YTVGzAkpEbcLo2mLoL7tij/VG41QSHACSf5QgYRhMZYHuNc6drJaO0Da+w==
-ajv@^6.10.0, ajv@^6.10.2, ajv@^6.12.0, ajv@^6.12.6:
+ajv@^6.10.0, ajv@^6.10.2, ajv@^6.12.0:
-  version "6.12.6"
+  version "6.12.3"
-  resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4"
+  resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.3.tgz#18c5af38a111ddeb4f2697bd78d68abc1cabd706"
-  integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==
+  integrity sha512-4K0cK3L1hsqk9xIb2z9vs/XU+PGJZ9PNpJRDS9YLzmNdX6jmVPfamLvTJr0aDAusnHyCHO6MjzlkAsgtqp9teA==
  dependencies:
    fast-deep-equal "^3.1.1"
    fast-json-stable-stringify "^2.0.0"
@ -136,6 +136,11 @@ ansi-styles@^4.0.0, ansi-styles@^4.1.0:
    "@types/color-name" "^1.1.1"
    color-convert "^2.0.1"
 ansi-styles@~1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-1.0.0.tgz#cb102df1c56f5123eab8b67cd7b98027a0279178"
  integrity sha1-yxAt8cVvUSPquLZ817mAJ6AnkXg=
 anymatch@~3.1.1:
  version "3.1.1"
  resolved "https://registry.yarnpkg.com/anymatch/-/anymatch-3.1.1.tgz#c55ecf02185e2469259399310c173ce31233b142"
@ -386,6 +391,11 @@ buffer-equal-constant-time@1.0.1:
  resolved "https://registry.yarnpkg.com/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz#f8e71132f7ffe6e01a5c9697a4c6f3e48d5cc819"
  integrity sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk=
 buffer-writer@2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/buffer-writer/-/buffer-writer-2.0.0.tgz#ce7eb81a38f7829db09c873f2fbb792c0c98ec04"
  integrity sha512-a7ZpuTZU1TRtnwyCNW3I5dc0wWNC3VR9S++Ewyk2HHZdrO3CQJqSpd+95Us590V6AL7JqUAH2IwZ/398PmNFgw==
 buffer@^5.5.0:
  version "5.7.1"
  resolved "https://registry.yarnpkg.com/buffer/-/buffer-5.7.1.tgz#ba62e7c13133053582197160851a8f648e99eed0"
@ -454,6 +464,15 @@ camelcase@^5.0.0, camelcase@^5.3.1:
  resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-5.3.1.tgz#e3c9b31569e106811df242f715725a1f4c494320"
  integrity sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==
 chalk@^0.4.0:
  version "0.4.0"
  resolved "https://registry.yarnpkg.com/chalk/-/chalk-0.4.0.tgz#5199a3ddcd0c1efe23bc08c1b027b06176e0c64f"
  integrity sha1-UZmj3c0MHv4jvAjBsCewYXbgxk8=
  dependencies:
    ansi-styles "~1.0.0"
    has-color "~0.1.0"
    strip-ansi "~0.1.0"
 chalk@^2.0.0, chalk@^2.1.0, chalk@^2.3.2:
  version "2.4.2"
  resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424"
@ -839,6 +858,15 @@ dicer@0.3.0:
  dependencies:
    streamsearch "0.1.2"
 diskdb@^0.1.17:
  version "0.1.17"
  resolved "https://registry.yarnpkg.com/diskdb/-/diskdb-0.1.17.tgz#8abd095196b33b406791f1494b6b13b4422240c4"
  integrity sha1-ir0JUZazO0BnkfFJS2sTtEIiQMQ=
  dependencies:
    chalk "^0.4.0"
    merge "^1.1.3"
    node-uuid "^1.4.1"
 doctrine@^3.0.0:
  version "3.0.0"
  resolved "https://registry.yarnpkg.com/doctrine/-/doctrine-3.0.0.tgz#addebead72a6574db783639dc87a121773973961"
@ -1473,6 +1501,11 @@ gravatar@^1.8.0:
    querystring "0.2.0"
    yargs "^15.4.1"
 has-color@~0.1.0:
  version "0.1.7"
  resolved "https://registry.yarnpkg.com/has-color/-/has-color-0.1.7.tgz#67144a5260c34fc3cca677d041daf52fe7b78b2f"
  integrity sha1-ZxRKUmDDT8PMpnfQQdr1L+e3iy8=
 has-flag@^3.0.0:
  version "3.0.0"
  resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd"
@ -1531,6 +1564,11 @@ homedir-polyfill@^1.0.1:
  dependencies:
    parse-passwd "^1.0.0"
 html-entities@^1.2.1:
  version "1.3.1"
  resolved "https://registry.yarnpkg.com/html-entities/-/html-entities-1.3.1.tgz#fb9a1a4b5b14c5daba82d3e34c6ae4fe701a0e44"
  integrity sha512-rhE/4Z3hIhzHAUKbW8jVcCyuT5oJCXXqhN/6mXXVCpzTmvJnoH2HL/bt3EZ6p55jbFJBeAe1ZNpL5BugLujxNA==
 http-cache-semantics@^4.0.0:
  version "4.1.0"
  resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz#49e91c5cbf36c9b94bcfcd71c23d5249ec74e390"
@ -1558,6 +1596,11 @@ http-errors@~1.7.2:
    statuses ">= 1.5.0 < 2"
    toidentifier "1.0.0"
 iconv-lite@0.2.11:
  version "0.2.11"
  resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.2.11.tgz#1ce60a3a57864a292d1321ff4609ca4bb965adc8"
  integrity sha1-HOYKOleGSiktEyH/RgnKS7llrcg=
 iconv-lite@0.4.24, iconv-lite@^0.4.24, iconv-lite@^0.4.4:
  version "0.4.24"
  resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.24.tgz#2022b4b25fbddc21d2f524974a474aafe733908b"
@ -2178,6 +2221,11 @@ merge-descriptors@1.0.1:
  resolved "https://registry.yarnpkg.com/merge-descriptors/-/merge-descriptors-1.0.1.tgz#b00aaa556dd8b44568150ec9d1b953f3f90cbb61"
  integrity sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E=
 merge@^1.1.3:
  version "1.2.1"
  resolved "https://registry.yarnpkg.com/merge/-/merge-1.2.1.tgz#38bebf80c3220a8a487b6fcfb3941bb11720c145"
  integrity sha512-VjFo4P5Whtj4vsLzsYBu5ayHhoHJ0UqNm7ibvShmbmoz7tGi0vXaoJbGdB+GmDMLUdg8DpQXEIeVDAe8MaABvQ==
 methods@~1.1.2:
  version "1.1.2"
  resolved "https://registry.yarnpkg.com/methods/-/methods-1.1.2.tgz#5529a4d67654134edcc5266656835b0f851afcee"
@ -2396,6 +2444,11 @@ node-rsa@^1.0.8:
  dependencies:
    asn1 "^0.2.4"
 node-uuid@^1.4.1:
  version "1.4.8"
  resolved "https://registry.yarnpkg.com/node-uuid/-/node-uuid-1.4.8.tgz#b040eb0923968afabf8d32fb1f17f1167fdab907"
  integrity sha1-sEDrCSOWivq/jTL7HxfxFn/auQc=
 nodemon@^2.0.2:
  version "2.0.4"
  resolved "https://registry.yarnpkg.com/nodemon/-/nodemon-2.0.4.tgz#55b09319eb488d6394aa9818148c0c2d1c04c416"
@ -2519,12 +2572,12 @@ object.pick@^1.2.0, object.pick@^1.3.0:
  dependencies:
    isobject "^3.0.1"
-objection@^2.2.16:
+objection@^2.1.3:
-  version "2.2.16"
+  version "2.2.2"
-  resolved "https://registry.yarnpkg.com/objection/-/objection-2.2.16.tgz#552ec6d625a7f80d6e204fc63732cbd3fc56f31c"
+  resolved "https://registry.yarnpkg.com/objection/-/objection-2.2.2.tgz#1a3c9010270e3677940d2bc91aeaeb3c0f103800"
-  integrity sha512-sq8erZdxW5ruPUK6tVvwDxyO16U49XAn/BmOm2zaNhNA2phOPCe2/7+R70nDEF1SFrgJOrwDu/PtoxybuJxnjQ==
+  integrity sha512-+1Ap7u9NQRochzDW5/BggUlKi94JfZGTJwQJuNXo8DwmAb8czEirvxcWBcX91/MmQq0BQUJjM4RPSiZhnkkWQw==
  dependencies:
-    ajv "^6.12.6"
+    ajv "^6.12.0"
    db-errors "^0.2.3"
 on-finished@~2.3.0:
@ -2636,6 +2689,11 @@ package-json@^6.3.0:
    registry-url "^5.0.0"
    semver "^6.2.0"
 packet-reader@1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/packet-reader/-/packet-reader-1.0.0.tgz#9238e5480dedabacfe1fe3f2771063f164157d74"
  integrity sha512-HAKu/fG3HpHFO0AA8WE8q2g+gBJaZ9MG7fcKk+IJPLTGAD6Psw4443l+9DGRbOIh3/aXr7Phy0TjilYivJo5XQ==
 parent-module@^1.0.0:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/parent-module/-/parent-module-1.0.1.tgz#691d2709e78c79fae3a156622452d00762caaaa2"
@ -2725,11 +2783,63 @@ path@^0.12.7:
    process "^0.11.1"
    util "^0.10.3"
 pg-connection-string@0.1.3:
  version "0.1.3"
  resolved "https://registry.yarnpkg.com/pg-connection-string/-/pg-connection-string-0.1.3.tgz#da1847b20940e42ee1492beaf65d49d91b245df7"
  integrity sha1-2hhHsglA5C7hSSvq9l1J2RskXfc=
 pg-connection-string@2.1.0:
  version "2.1.0"
  resolved "https://registry.yarnpkg.com/pg-connection-string/-/pg-connection-string-2.1.0.tgz#e07258f280476540b24818ebb5dca29e101ca502"
  integrity sha512-bhlV7Eq09JrRIvo1eKngpwuqKtJnNhZdpdOlvrPrA4dxqXPjxSrbNrfnIDmTpwMyRszrcV4kU5ZA4mMsQUrjdg==
 pg-int8@1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/pg-int8/-/pg-int8-1.0.1.tgz#943bd463bf5b71b4170115f80f8efc9a0c0eb78c"
  integrity sha512-WCtabS6t3c8SkpDBUlb1kjOs7l66xsGdKpIPZsg4wR+B3+u9UAum2odSsF9tnvxg80h4ZxLWMy4pRjOsFIqQpw==
 pg-packet-stream@^1.1.0:
  version "1.1.0"
  resolved "https://registry.yarnpkg.com/pg-packet-stream/-/pg-packet-stream-1.1.0.tgz#e45c3ae678b901a2873af1e17b92d787962ef914"
  integrity sha512-kRBH0tDIW/8lfnnOyTwKD23ygJ/kexQVXZs7gEyBljw4FYqimZFxnMMx50ndZ8In77QgfGuItS5LLclC2TtjYg==
 pg-pool@^2.0.10:
  version "2.0.10"
  resolved "https://registry.yarnpkg.com/pg-pool/-/pg-pool-2.0.10.tgz#842ee23b04e86824ce9d786430f8365082d81c4a"
  integrity sha512-qdwzY92bHf3nwzIUcj+zJ0Qo5lpG/YxchahxIN8+ZVmXqkahKXsnl2aiJPHLYN9o5mB/leG+Xh6XKxtP7e0sjg==
 pg-types@^2.1.0:
  version "2.2.0"
  resolved "https://registry.yarnpkg.com/pg-types/-/pg-types-2.2.0.tgz#2d0250d636454f7cfa3b6ae0382fdfa8063254a3"
  integrity sha512-qTAAlrEsl8s4OiEQY69wDvcMIdQN6wdz5ojQiOy6YRMuynxenON0O5oCpJI6lshc6scgAY8qvJ2On/p+CXY0GA==
  dependencies:
    pg-int8 "1.0.1"
    postgres-array "~2.0.0"
    postgres-bytea "~1.0.0"
    postgres-date "~1.0.4"
    postgres-interval "^1.1.0"
 pg@^7.12.1:
  version "7.18.2"
  resolved "https://registry.yarnpkg.com/pg/-/pg-7.18.2.tgz#4e219f05a00aff4db6aab1ba02f28ffa4513b0bb"
  integrity sha512-Mvt0dGYMwvEADNKy5PMQGlzPudKcKKzJds/VbOeZJpb6f/pI3mmoXX0JksPgI3l3JPP/2Apq7F36O63J7mgveA==
  dependencies:
    buffer-writer "2.0.0"
    packet-reader "1.0.0"
    pg-connection-string "0.1.3"
    pg-packet-stream "^1.1.0"
    pg-pool "^2.0.10"
    pg-types "^2.1.0"
    pgpass "1.x"
    semver "4.3.2"
 pgpass@1.x:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/pgpass/-/pgpass-1.0.2.tgz#2a7bb41b6065b67907e91da1b07c1847c877b306"
  integrity sha1-Knu0G2BltnkH6R2hsHwYR8h3swY=
  dependencies:
    split "^1.0.0"
 picomatch@^2.0.4, picomatch@^2.2.1:
  version "2.2.2"
  resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.2.2.tgz#21f333e9b6b8eaff02468f5146ea406d345f4dad"
@ -2753,6 +2863,28 @@ posix-character-classes@^0.1.0:
  resolved "https://registry.yarnpkg.com/posix-character-classes/-/posix-character-classes-0.1.1.tgz#01eac0fe3b5af71a2a6c02feabb8c1fef7e00eab"
  integrity sha1-AerA/jta9xoqbAL+q7jB/vfgDqs=
 postgres-array@~2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/postgres-array/-/postgres-array-2.0.0.tgz#48f8fce054fbc69671999329b8834b772652d82e"
  integrity sha512-VpZrUqU5A69eQyW2c5CA1jtLecCsN2U/bD6VilrFDWq5+5UIEVO7nazS3TEcHf1zuPYO/sqGvUvW62g86RXZuA==
 postgres-bytea@~1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/postgres-bytea/-/postgres-bytea-1.0.0.tgz#027b533c0aa890e26d172d47cf9ccecc521acd35"
  integrity sha1-AntTPAqokOJtFy1Hz5zOzFIazTU=
 postgres-date@~1.0.4:
  version "1.0.6"
  resolved "https://registry.yarnpkg.com/postgres-date/-/postgres-date-1.0.6.tgz#4925e8085b30c2ba1a06ac91b9a3473954a2ce2d"
  integrity sha512-o2a4gxeFcox+CgB3Ig/kNHBP23PiEXHCXx7pcIIsvzoNz4qv+lKTyiSkjOXIMNUl12MO/mOYl2K6wR9X5K6Plg==
 postgres-interval@^1.1.0:
  version "1.2.0"
  resolved "https://registry.yarnpkg.com/postgres-interval/-/postgres-interval-1.2.0.tgz#b460c82cb1587507788819a06aa0fffdb3544695"
  integrity sha512-9ZhXKM/rw350N1ovuWHbGxnGh/SNJ4cnxHiM0rxE4VN41wsg8P8zWn9hv/buK00RP4WvlOyr/RBDiptyxVbkZQ==
  dependencies:
    xtend "^4.0.0"
 prelude-ls@~1.1.2:
  version "1.1.2"
  resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.1.2.tgz#21932a549f5e52ffd9a827f570e04be62a97da54"
@ -2821,6 +2953,11 @@ pupa@^2.0.1:
  dependencies:
    escape-goat "^2.0.0"
 qs@1.2.0:
  version "1.2.0"
  resolved "https://registry.yarnpkg.com/qs/-/qs-1.2.0.tgz#ed079be28682147e6fd9a34cc2b0c1e0ec6453ee"
  integrity sha1-7Qeb4oaCFH5v2aNMwrDB4OxkU+4=
 qs@6.7.0:
  version "6.7.0"
  resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc"
@ -2978,6 +3115,16 @@ responselike@^1.0.2:
  dependencies:
    lowercase-keys "^1.0.0"
 restler@^3.4.0:
  version "3.4.0"
  resolved "https://registry.yarnpkg.com/restler/-/restler-3.4.0.tgz#741ec0b3d16b949feea2813d0c3c68529e888d9b"
  integrity sha1-dB7As9FrlJ/uooE9DDxoUp6IjZs=
  dependencies:
    iconv-lite "0.2.11"
    qs "1.2.0"
    xml2js "0.4.0"
    yaml "0.2.3"
 restore-cursor@^3.1.0:
  version "3.1.0"
  resolved "https://registry.yarnpkg.com/restore-cursor/-/restore-cursor-3.1.0.tgz#39f67c54b3a7a58cea5236d95cf0034239631f7e"
@ -3039,6 +3186,11 @@ safe-regex@^1.1.0:
  resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
  integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
 sax@0.5.x:
  version "0.5.8"
  resolved "https://registry.yarnpkg.com/sax/-/sax-0.5.8.tgz#d472db228eb331c2506b0e8c15524adb939d12c1"
  integrity sha1-1HLbIo6zMcJQaw6MFVJK25OdEsE=
 sax@^1.2.4:
  version "1.2.4"
  resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"
@ -3051,6 +3203,11 @@ semver-diff@^3.1.1:
  dependencies:
    semver "^6.3.0"
 semver@4.3.2:
  version "4.3.2"
  resolved "https://registry.yarnpkg.com/semver/-/semver-4.3.2.tgz#c7a07158a80bedd052355b770d82d6640f803be7"
  integrity sha1-x6BxWKgL7dBSNVt3DYLWZA+AO+c=
 semver@^5.3.0, semver@^5.5.0, semver@^5.6.0, semver@^5.7.1:
  version "5.7.1"
  resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7"
@ -3203,6 +3360,13 @@ split-string@^3.0.1, split-string@^3.0.2:
  dependencies:
    extend-shallow "^3.0.0"
 split@^1.0.0:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/split/-/split-1.0.1.tgz#605bd9be303aa59fb35f9229fbea0ddec9ea07d9"
  integrity sha512-mTyOoPbrivtXnwnIxZRFYRrPNtEFKlpB2fvjSnCQUiAA6qAZzqwna5envK4uk6OIeP17CsdF3rSBGYVBsU0Tkg==
  dependencies:
    through "2"
 sprintf-js@~1.0.2:
  version "1.0.3"
  resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
@ -3316,6 +3480,11 @@ strip-ansi@^6.0.0:
  dependencies:
    ansi-regex "^5.0.0"
 strip-ansi@~0.1.0:
  version "0.1.1"
  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-0.1.1.tgz#39e8a98d044d150660abe4a6808acf70bb7bc991"
  integrity sha1-OeipjQRNFQZgq+SmgIrPcLt7yZE=
 strip-bom@^3.0.0:
  version "3.0.0"
  resolved "https://registry.yarnpkg.com/strip-bom/-/strip-bom-3.0.0.tgz#2334c18e9c759f7bdd56fdef7e9ae3d588e68ed3"
@ -3410,7 +3579,7 @@ text-table@^0.2.0:
  resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4"
  integrity sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=
-through@^2.3.6:
+through@2, through@^2.3.6:
  version "2.3.8"
  resolved "https://registry.yarnpkg.com/through/-/through-2.3.8.tgz#0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5"
  integrity sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=
@ -3542,6 +3711,11 @@ unique-string@^2.0.0:
  dependencies:
    crypto-random-string "^2.0.0"
 unix-timestamp@^0.2.0:
  version "0.2.0"
  resolved "https://registry.yarnpkg.com/unix-timestamp/-/unix-timestamp-0.2.0.tgz#e1cdc2808df6327d27e635d9351e72815288733e"
  integrity sha1-4c3CgI32Mn0n5jXZNR5ygVKIcz4=
 unpipe@1.0.0, unpipe@~1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec"
@ -3709,6 +3883,24 @@ xdg-basedir@^4.0.0:
  resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-4.0.0.tgz#4bc8d9984403696225ef83a1573cbbcb4e79db13"
  integrity sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q==
 xml2js@0.4.0:
  version "0.4.0"
  resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.0.tgz#124fc4114b4129c810800ecb2ac86cf25462cb9a"
  integrity sha1-Ek/EEUtBKcgQgA7LKshs8lRiy5o=
  dependencies:
    sax "0.5.x"
    xmlbuilder ">=0.4.2"
 xmlbuilder@>=0.4.2:
  version "15.1.1"
  resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-15.1.1.tgz#9dcdce49eea66d8d10b42cae94a79c3c8d0c2ec5"
  integrity sha512-yMqGBqtXyeN1e3TGYvgNgDVZ3j84W4cwkOXQswghol6APgZWaff9lnbvN7MHYJOiXsvGPXtjTYJEiC9J2wv9Eg==
 xtend@^4.0.0:
  version "4.0.2"
  resolved "https://registry.yarnpkg.com/xtend/-/xtend-4.0.2.tgz#bb72779f5fa465186b1f438f674fa347fdb5db54"
  integrity sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==
 y18n@^4.0.0:
  version "4.0.1"
  resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.1.tgz#8db2b83c31c5d75099bb890b23f3094891e247d4"
@ -3719,6 +3911,11 @@ yallist@^3.0.0, yallist@^3.1.1:
  resolved "https://registry.yarnpkg.com/yallist/-/yallist-3.1.1.tgz#dbb7daf9bfd8bac9ab45ebf602b8cbad0d5d08fd"
  integrity sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==
 yaml@0.2.3:
  version "0.2.3"
  resolved "https://registry.yarnpkg.com/yaml/-/yaml-0.2.3.tgz#b5450e92e76ef36b5dd24e3660091ebaeef3e5c7"
  integrity sha1-tUUOkudu82td0k42YAkeuu7z5cc=
 yargs-parser@^18.1.2:
  version "18.1.3"
  resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-18.1.3.tgz#be68c4975c6b2abf469236b0c870362fab09a7b0"
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@ -37,8 +37,6 @@ services:
  db:
    image: jc21/mariadb-aria
    container_name: npm_db
    ports:
      - 33306:3306
    networks:
      - nginx_proxy_manager
    environment:
@ -49,6 +47,19 @@ services:
    volumes:
      - db_data:/var/lib/mysql
  swagger:
    image: "swaggerapi/swagger-ui:latest"
    container_name: npm_swagger
    ports:
      - 3001:80
    networks:
      - nginx_proxy_manager
    environment:
      URL: "http://127.0.0.1:3081/api/schema"
      PORT: "80"
    depends_on:
      - npm
 volumes:
  npm_data:
    name: npm_core_data
--- a/docker/rootfs/etc/letsencrypt.ini
+++ b/docker/rootfs/etc/letsencrypt.ini
@ -3,4 +3,3 @@ non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
 key-type = ecdsa
 elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1
--- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
@ -4,5 +4,5 @@ proxy_set_header X-Forwarded-Scheme $scheme;
 proxy_set_header X-Forwarded-Proto  $scheme;
 proxy_set_header X-Forwarded-For    $remote_addr;
 proxy_set_header X-Real-IP          $remote_addr;
-proxy_pass       $forward_scheme://$server:$port$request_uri;
+proxy_pass       $forward_scheme://$server:$port;
--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@ -43,6 +43,16 @@ http {
 	proxy_cache_path              /var/lib/nginx/cache/public  levels=1:2 keys_zone=public-cache:30m max_size=192m;
 	proxy_cache_path              /var/lib/nginx/cache/private levels=1:2 keys_zone=private-cache:5m max_size=1024m;
 	lua_package_path '~/lua/?.lua;;';
 	lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
 	lua_ssl_verify_depth 5;
 	# cache for discovery metadata documents
 	lua_shared_dict discovery 1m;
 	# cache for JWKs
 	lua_shared_dict jwks 1m;
 	log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"';
 	log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';
--- a/docs/advanced-config/README.md
+++ b/docs/advanced-config/README.md
@ -172,3 +172,26 @@ value by specifying it as a Docker environment variable. The default if not spec
    X_FRAME_OPTIONS: "sameorigin"
  ...
 ```
 ## OpenID Connect SSO
 You can secure any of your proxy hosts with OpenID Connect authentication, providing SSO support from an identity provider like Azure AD or KeyCloak. OpenID Connect support is provided through the [`lua-resty-openidc`](https://github.com/zmartzone/lua-resty-openidc) library of [`OpenResty`](https://github.com/openresty/openresty).
 You will need a few things to get started with OpenID Connect:
 - A registered application with your identity provider, they will provide you with a `Client ID` and a `Client Secret`. Public OpenID Connect applications (without a client secret) are not yet supported.
 - A redirect URL to send the users to after they login with the identity provider, this can be any unused URL under the proxy host, like `https://<proxy host url>/private/callback`, the server will take care of capturing that URL and redirecting you to the proxy host root. You will need to add this URL to the list of allowed redirect URLs for the application you registered with your identity provider. 
 - The well-known discovery endpoint of the identity provider you want to use, this is an URL usually with the form `https://<provider URL>/.well-known/openid-configuration`.
 After you have all this you can proceed to configure the proxy host with OpenID Connect authentication.
 You can also add some rudimentary access control through a list of allowed emails in case your identity provider doesn't let you do that, if this option is enabled, any email not on that list will be denied access to the proxied host.
 The proxy adds some headers based on the authentication result from the identity provider:
 - `X-OIDC-SUB`: The subject identifier, according to the OpenID Coonect spec: `A locally unique and never reassigned identifier within the Issuer for the End-User`.
 - `X-OIDC-EMAIL`: The email of the user that logged in, as specified in the `id_token` returned from the identity provider. The same value that will be checked for the email whitelist.
 - `X-OIDC-NAME`: The user's name claim from the `id_token`, please note that not all id tokens necessarily contain this claim.
--- a/docs/package.json
+++ b/docs/package.json
@ -443,7 +443,7 @@
    "normalize-url": "^5.1.0",
    "npm-run-path": "^4.0.1",
    "nprogress": "^0.2.0",
-    "nth-check": "^2.0.1",
+    "nth-check": "^1.0.2",
    "num2fraction": "^1.2.2",
    "number-is-nan": "^2.0.0",
    "oauth-sign": "^0.9.0",
@ -612,7 +612,7 @@
    "serve-index": "^1.9.1",
    "serve-static": "^1.14.1",
    "set-blocking": "^2.0.0",
-    "set-value": "^4.0.1",
+    "set-value": "^3.0.2",
    "setimmediate": "^1.0.5",
    "setprototypeof": "^1.2.0",
    "sha.js": "^2.4.11",
--- a/docs/setup/README.md
+++ b/docs/setup/README.md
@ -1,44 +1,6 @@
 # Full Setup Instructions
-## Running the App
+## MySQL Database
 Create a `docker-compose.yml` file:
 ```yml
 version: "3"
 services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    # Uncomment the next line if you uncomment anything in the section
    # environment:
      # Uncomment this if you want to change the location of 
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
 ```
 Then:
 ```bash
 docker-compose up -d
 ```
 ## Using MySQL / MariaDB Database
 If you opt for the MySQL configuration you will have to provide the database server yourself. You can also use MariaDB. Here are the minimum supported versions:
@ -48,7 +10,15 @@ If you opt for the MySQL configuration you will have to provide the database ser
 It's easy to use another docker container for your database also and link it as part of the docker stack, so that's what the following examples
 are going to use.
-Here is an example of what your `docker-compose.yml` will look like when using a MariaDB container:
+::: warning
 When using a `mariadb` database, the NPM configuration file should still use the `mysql` engine!
 :::
 ## Running the App
 Via `docker-compose`:
 ```yml
 version: "3"
@ -57,18 +27,24 @@ services:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
-      # These ports are in format <host-port>:<container-port>
+      # Public HTTP Port:
-      - '80:80' # Public HTTP Port
+      - '80:80'
-      - '443:443' # Public HTTPS Port
+      # Public HTTPS Port:
-      - '81:81' # Admin Web Port
+      - '443:443'
      # Admin Web Port:
      - '81:81'
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      # These are the settings to access your db
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
      # If you would rather use Sqlite uncomment this
      # and remove all DB_MYSQL_* lines above
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
@ -76,7 +52,6 @@ services:
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
@ -89,11 +64,13 @@ services:
      - ./data/mysql:/var/lib/mysql
 ```
-::: warning
+_Please note, that `DB_MYSQL_*` environment variables will take precedent over `DB_SQLITE_*` variables. So if you keep the MySQL variables, you will not be able to use Sqlite._
-Please note, that `DB_MYSQL_*` environment variables will take precedent over `DB_SQLITE_*` variables. So if you keep the MySQL variables, you will not be able to use SQLite.
+Then:
-:::
+```bash
 docker-compose up -d
 ```
 ## Running on Raspberry PI / ARM devices
@ -112,7 +89,57 @@ for a list of supported architectures and if you want one that doesn't exist,
 Also, if you don't know how to already, follow [this guide to install docker and docker-compose](https://manre-universe.net/how-to-run-docker-and-docker-compose-on-raspbian/)
 on Raspbian.
-Please note that the `jc21/mariadb-aria:latest` image might have some problems on some ARM devices, if you want a separate database container, use the `yobasystems/alpine-mariadb:latest` image.
+Via `docker-compose`:
 ```yml
 version: "3"
 services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # Public HTTP Port:
      - '80:80'
      # Public HTTPS Port:
      - '443:443'
      # Admin Web Port:
      - '81:81'
    environment:
      # These are the settings to access your db
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "changeuser"
      DB_MYSQL_PASSWORD: "changepass"
      DB_MYSQL_NAME: "npm"
      # If you would rather use Sqlite uncomment this
      # and remove all DB_MYSQL_* lines above
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data/nginx-proxy-manager:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: yobasystems/alpine-mariadb:latest
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: "changeme"
      MYSQL_DATABASE: "npm"
      MYSQL_USER: "changeuser"
      MYSQL_PASSWORD: "changepass"
    volumes:
      - ./data/mariadb:/var/lib/mysql
 ```
 _Please note, that `DB_MYSQL_*` environment variables will take precedent over `DB_SQLITE_*` var>
 Then:
 ```bash
 docker-compose up -d
 ```
 ## Initial Run
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@ -1624,9 +1624,9 @@ ansi-regex@^4.1.0:
  integrity sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==
 ansi-regex@^5.0.0:
-  version "5.0.1"
+  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304"
+  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.0.tgz#388539f55179bf39339c81af30a654d69f87cb75"
-  integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==
+  integrity sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==
 ansi-styles@^2.2.1:
  version "2.2.1"
@ -6726,13 +6726,6 @@ nth-check@^1.0.2, nth-check@~1.0.1:
  dependencies:
    boolbase "~1.0.0"
 nth-check@^2.0.1:
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/nth-check/-/nth-check-2.0.1.tgz#2efe162f5c3da06a28959fbd3db75dbeea9f0fc2"
  integrity sha512-it1vE95zF6dTT9lBsYbxvqh0Soy4SPowchj0UBGj/V6cTPnXXtQOPUbhZ6CmGzAD/rW22LQK6E96pcdJXk4A4w==
  dependencies:
    boolbase "^1.0.0"
 num2fraction@^1.2.2:
  version "1.2.2"
  resolved "https://registry.yarnpkg.com/num2fraction/-/num2fraction-1.2.2.tgz#6f682b6a027a4e9ddfa4564cd2589d1d4e669ede"
@ -7706,9 +7699,9 @@ pretty-time@^1.1.0:
  integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==
 prismjs@^1.13.0, prismjs@^1.20.0:
-  version "1.25.0"
+  version "1.24.0"
-  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.25.0.tgz#6f822df1bdad965734b310b315a23315cf999756"
+  resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.24.0.tgz#0409c30068a6c52c89ef7f1089b3ca4de56be2ac"
-  integrity sha512-WCjJHl1KEWbnkQom1+SzftbtXMKQoezOCYs5rECqMN+jP+apI7ftoflyqigqzopSO3hMhTEb0mFClA8lkolgEg==
+  integrity sha512-SqV5GRsNqnzCL8k5dfAjCNhUrF3pR0A9lTDSCUZeh/LIshheXJEaP0hwLz2t4XHivd2J/v2HR+gRnigzeKe3cQ==
 private@^0.1.8:
  version "0.1.8"
@ -8443,20 +8436,13 @@ set-value@^2.0.0, set-value@^2.0.1:
    is-plain-object "^2.0.3"
    split-string "^3.0.1"
-set-value@^3.0.0:
+set-value@^3.0.0, set-value@^3.0.2:
  version "3.0.2"
  resolved "https://registry.yarnpkg.com/set-value/-/set-value-3.0.2.tgz#74e8ecd023c33d0f77199d415409a40f21e61b90"
  integrity sha512-npjkVoz+ank0zjlV9F47Fdbjfj/PfXyVhZvGALWsyIYU/qrMzpi6avjKW3/7KeSU2Df3I46BrN1xOI1+6vW0hA==
  dependencies:
    is-plain-object "^2.0.4"
 set-value@^4.0.1:
  version "4.0.1"
  resolved "https://registry.yarnpkg.com/set-value/-/set-value-4.0.1.tgz#bc23522ade2d52314ec3b5d6fb140f5cd3a88acf"
  integrity sha512-ayATicCYPVnlNpFmjq2/VmVwhoCQA9+13j8qWp044fmFE3IFphosPtRM+0CJ5xoIx5Uy52fCcwg3XeH2pHbbPQ==
  dependencies:
    is-plain-object "^2.0.4"
 setimmediate@^1.0.4, setimmediate@^1.0.5:
  version "1.0.5"
  resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
--- a/frontend/js/app/api.js
+++ b/frontend/js/app/api.js
@ -685,16 +685,6 @@ module.exports = {
                return fetch('post', 'nginx/certificates/' + id + '/renew', undefined, {timeout});
            },
            /**
             * @param  {Number}  id
             * @returns {Promise}
             */
            testHttpChallenge: function (domains) {
                return fetch('get', 'nginx/certificates/test-http?' + new URLSearchParams({
                    domains: JSON.stringify(domains),
                }));
            },
            /**
             * @param   {Number}  id
             * @returns {Promise}
--- a/frontend/js/app/controller.js
+++ b/frontend/js/app/controller.js
@ -366,19 +366,6 @@ module.exports = {
        }
    },
    /**
     * Certificate Test Reachability
     *
     * @param model
     */
    showNginxCertificateTestReachability: function (model) {
      if (Cache.User.isAdmin() || Cache.User.canManage('certificates')) {
        require(['./main', './nginx/certificates/test'], function (App, View) {
          App.UI.showModalDialog(new View({model: model}));
        });
      }
    },
    /**
     * Audit Log
     */
--- a/frontend/js/app/nginx/certificates/form.ejs
+++ b/frontend/js/app/nginx/certificates/form.ejs
@ -18,14 +18,6 @@
                            <input type="text" name="domain_names" class="form-control" id="input-domains" value="<%- domain_names.join(',') %>" required>
                            <div class="text-blue"><i class="fe fe-alert-triangle"></i> <%- i18n('ssl', 'hosts-warning') %></div>
                        </div>
                        <div class="mb-3 test-domains-container">
                            <button type="button" class="btn btn-secondary test-domains col-sm-12"><%- i18n('certificates', 'test-reachability') %></button>
                            <div class="text-secondary small">
                                <i class="fe fe-info"></i> 
                                <%- i18n('certificates', 'reachability-info') %>
                            </div>
                        </div>
                    </div>
                    <div class="col-sm-12 col-md-12">
                        <div class="form-group">
--- a/frontend/js/app/nginx/certificates/form.js
+++ b/frontend/js/app/nginx/certificates/form.js
@ -29,8 +29,6 @@ module.exports = Mn.View.extend({
        non_loader_content:                   '.non-loader-content',
        le_error_info:                        '#le-error-info',
        domain_names:                         'input[name="domain_names"]',
        test_domains_container:               '.test-domains-container',
        test_domains_button:                  '.test-domains',
        buttons:                              '.modal-footer button',
        cancel:                               'button.cancel',
        save:                                 'button.save',
@ -58,12 +56,10 @@ module.exports = Mn.View.extend({
                    this.ui.dns_provider_credentials.prop('required', 'required');
                }
                this.ui.dns_challenge_content.show();
                this.ui.test_domains_container.hide();
            } else {
                this.ui.dns_provider.prop('required', false);
                this.ui.dns_provider_credentials.prop('required', false);
-                this.ui.dns_challenge_content.hide();
+                this.ui.dns_challenge_content.hide();                
                this.ui.test_domains_container.show();            
            }
        },
@ -209,23 +205,6 @@ module.exports = Mn.View.extend({
                    this.ui.non_loader_content.show();
                });
        },
        'click @ui.test_domains_button': function (e) {
            e.preventDefault();
            const domainNames = this.ui.domain_names[0].value.split(',');
            if (domainNames && domainNames.length > 0) {
                this.model.set('domain_names', domainNames);
                this.model.set('back_to_add', true);
                App.Controller.showNginxCertificateTestReachability(this.model);
            }
        },
        'change @ui.domain_names': function(e){
            const domainNames = e.target.value.split(',');
            if (domainNames && domainNames.length > 0) {
                this.ui.test_domains_button.prop('disabled', false);
            } else {
                this.ui.test_domains_button.prop('disabled', true);
            }
        },
        'change @ui.other_certificate_key': function(e){
            this.setFileName("other_certificate_key_label", e)
        },
@ -278,10 +257,6 @@ module.exports = Mn.View.extend({
        this.ui.credentials_file_content.hide(); 
        this.ui.loader_content.hide();
        this.ui.le_error_info.hide();
        const domainNames = this.ui.domain_names[0].value.split(',');
        if (!domainNames || domainNames.length === 0 || (domainNames.length === 1 && domainNames[0] === "")) {
            this.ui.test_domains_button.prop('disabled', true);
        }
    },
    initialize: function (options) {
--- a/frontend/js/app/nginx/certificates/list/item.ejs
+++ b/frontend/js/app/nginx/certificates/list/item.ejs
@ -42,9 +42,6 @@
            <% if (provider === 'letsencrypt') { %>
                <a href="#" class="renew dropdown-item"><i class="dropdown-icon fe fe-refresh-cw"></i> <%- i18n('certificates', 'force-renew') %></a>
                <a href="#" class="download dropdown-item"><i class="dropdown-icon fe fe-download"></i> <%- i18n('certificates', 'download') %></a>
                <% if (meta.dns_challenge === false) { %>
                    <a href="#" class="test dropdown-item"><i class="dropdown-icon fe fe-globe"></i> <%- i18n('certificates', 'test-reachability') %></a>
                <% } %>
                <div class="dropdown-divider"></div>
            <% } %>
            <a href="#" class="delete dropdown-item"><i class="dropdown-icon fe fe-trash-2"></i> <%- i18n('str', 'delete') %></a>
--- a/frontend/js/app/nginx/certificates/list/item.js
+++ b/frontend/js/app/nginx/certificates/list/item.js
@ -2,7 +2,7 @@ const Mn            = require('backbone.marionette');
 const moment        = require('moment');
 const App           = require('../../../main');
 const template      = require('./item.ejs');
-const dns_providers = require('../../../../../../global/certbot-dns-plugins');
+const dns_providers = require('../../../../../../global/certbot-dns-plugins')
 module.exports = Mn.View.extend({
    template: template,
@ -12,8 +12,7 @@ module.exports = Mn.View.extend({
        host_link: '.host-link',
        renew:     'a.renew',
        delete:    'a.delete',
-        download:  'a.download',
+        download:  'a.download'
        test:      'a.test'
    },
    events: {
@ -32,16 +31,11 @@ module.exports = Mn.View.extend({
            let win = window.open($(e.currentTarget).attr('rel'), '_blank');
            win.focus();
        },
-                
+        
        'click @ui.download': function (e) {
            e.preventDefault();
-            App.Api.Nginx.Certificates.download(this.model.get('id'));
+            App.Api.Nginx.Certificates.download(this.model.get('id'))
-        },
+        }
        'click @ui.test': function (e) {
            e.preventDefault();
            App.Controller.showNginxCertificateTestReachability(this.model);
        },
    },
    templateContext: {
--- a/frontend/js/app/nginx/certificates/test.ejs
+++ b/frontend/js/app/nginx/certificates/test.ejs
@ -1,15 +0,0 @@
 <div class="modal-content">
    <div class="modal-header">
        <h5 class="modal-title"><%- i18n('certificates', 'reachability-title') %></h5>
    </div>
    <div class="modal-body">
        <div class="waiting text-center">
            <%= i18n('str', 'please-wait') %>
        </div>
        <div class="alert alert-danger error" role="alert"></div>
        <div class="alert alert-success success" role="alert"></div>
    </div>
    <div class="modal-footer">
        <button type="button" class="btn btn-secondary cancel" disabled><%- i18n('str', 'close') %></button>
    </div>
 </div>
--- a/frontend/js/app/nginx/certificates/test.js
+++ b/frontend/js/app/nginx/certificates/test.js
@ -1,75 +0,0 @@
 const Mn       = require('backbone.marionette');
 const App      = require('../../main');
 const template = require('./test.ejs');
 module.exports = Mn.View.extend({
 	template:  template,
 	className: 'modal-dialog',
 	ui: {
 		waiting: '.waiting',
 		error:   '.error',
 		success: '.success',
 		close:   'button.cancel'
 	},
    events: {
        'click @ui.close': function (e) {
            e.preventDefault();
            if (this.model.get('back_to_add')) {
                App.Controller.showNginxCertificateForm(this.model);
            } else {
                App.UI.closeModal();
            }
        },
    },
 	onRender: function () {
 		this.ui.error.hide();
 		this.ui.success.hide();
 		App.Api.Nginx.Certificates.testHttpChallenge(this.model.get('domain_names'))
 			.then((result) => {
 				let allOk = true;
 				let text  = '';
 				for (const domain in result) {
 					const status = result[domain];
 					if (status === 'ok') {
 						text += `<p><strong>${domain}:</strong> ${App.i18n('certificates', 'reachability-ok')}</p>`;
 					} else {
 						allOk = false;
 						if (status === 'no-host') {
 							text += `<p><strong>${domain}:</strong> ${App.i18n('certificates', 'reachability-not-resolved')}</p>`;
 						} else if (status === 'failed') {
 							text += `<p><strong>${domain}:</strong> ${App.i18n('certificates', 'reachability-failed-to-check')}</p>`;
 						} else if (status === '404') {
 							text += `<p><strong>${domain}:</strong> ${App.i18n('certificates', 'reachability-404')}</p>`;
 						} else if (status === 'wrong-data') {
 							text += `<p><strong>${domain}:</strong> ${App.i18n('certificates', 'reachability-wrong-data')}</p>`;
 						} else if (status.startsWith('other:')) {
 							const code = status.substring(6);
 							text      += `<p><strong>${domain}:</strong> ${App.i18n('certificates', 'reachability-other', {code})}</p>`;
 						} else {
 							// This should never happen
 							text += `<p><strong>${domain}:</strong> ?</p>`;
 						}
 					}
 				}
 				this.ui.waiting.hide();
 				if (allOk) {
 					this.ui.success.html(text).show();
 				} else {
 					this.ui.error.html(text).show();
 				}
 				this.ui.close.prop('disabled', false);
 			})
 			.catch((e) => {
 				console.error(e);
 				this.ui.waiting.hide();
 				this.ui.error.text(App.i18n('certificates', 'reachability-failed-to-reach-api')).show();
 				this.ui.close.prop('disabled', false);
 			});
 	}
 });
--- a/frontend/js/app/nginx/proxy/form.ejs
+++ b/frontend/js/app/nginx/proxy/form.ejs
@ -11,6 +11,7 @@
                <li role="presentation" class="nav-item"><a href="#locations" aria-controls="tab4" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-layers"></i> <%- i18n('all-hosts', 'locations') %></a></li>
                <li role="presentation" class="nav-item"><a href="#ssl-options" aria-controls="tab2" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-shield"></i> <%- i18n('str', 'ssl') %></a></li>
                <li role="presentation" class="nav-item"><a href="#advanced" aria-controls="tab3" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-settings"></i> <%- i18n('all-hosts', 'advanced') %></a></li>
                <li role="presentation" class="nav-item"><a href="#openidc" aria-controls="tab3" role="tab" data-toggle="tab" class="nav-link"><i class="fe fe-settings"></i><%- i18n('proxy-hosts', 'oidc') %></a></li>
            </ul>
            <div class="tab-content">
@ -257,17 +258,81 @@
                <div role="tabpanel" class="tab-pane" id="advanced">
                    <div class="row">
                        <div class="col-md-12">
-                            <p><%- i18n('all-hosts', 'advanced-config-var-headline') %></p>
+                            <p>Nginx variables available to you are:</p>
                            <ul class="text-monospace">
-                                <li><code>$server</code> <%- i18n('proxy-hosts', 'forward-host') %></li>
+                                <li>$server          # Host/IP</li>
-                                <li><code>$port</code> <%- i18n('proxy-hosts', 'forward-port') %></li>
+                                <li>$port            # Port Number</li>
-                                <li><code>$forward_scheme</code> <%- i18n('proxy-hosts', 'forward-scheme') %></li>
+                                <li>$forward_scheme  # http or https</li>
                            </ul>
                            <div class="form-group mb-0">
                                <label class="form-label"><%- i18n('all-hosts', 'advanced-config') %></label>
                                <textarea name="advanced_config" rows="8" class="form-control text-monospace" placeholder="# <%- i18n('all-hosts', 'advanced-warning') %>"><%- advanced_config %></textarea>
                            </div>
-                            <p class="small text-gray"><i class="fe fe-alert-triangle"></i> <%- i18n('all-hosts', 'advanced-config-header-info') %></p>
+                        </div>
                    </div>
                </div>
                <!-- OpenID Connect -->
                <div role="tabpanel" class="tab-pane" id="openidc">
                    <div class="row">
                        <div class="col-sm-12 col-md-12">
                            <div class="form-group">
                                <label class="custom-switch">
                                    <input type="checkbox" class="custom-switch-input" name="openidc_enabled" value="1"<%- openidc_enabled ? ' checked' : '' %>>
                                    <span class="custom-switch-indicator"></span>
                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'oidc-enabled') %></span>
                                </label>
                            </div>
                        </div>
                        <div class="col-sm-12 col-md-12 openidc">
                            <div class="form-group">
                                <label class="form-label"><%- i18n('proxy-hosts', 'oidc-redirect-uri') %><span class="form-required">*</span></label>
                                <input type="text" name="openidc_redirect_uri" class="form-control text-monospace" placeholder="" value="<%- openidc_redirect_uri %>" autocomplete="off" maxlength="255" required>
                            </div>
                        </div>
                        <div class="col-sm-12 col-md-12 openidc">
                            <div class="form-group">
                                <label class="form-label"><%- i18n('proxy-hosts', 'oidc-discovery-endpoint') %><span class="form-required">*</span></label>
                                <input type="text" name="openidc_discovery" class="form-control text-monospace" placeholder="" value="<%- openidc_discovery %>" autocomplete="off" maxlength="255" required>
                            </div>
                        </div>
                        <div class="col-sm-12 col-md-12 openidc">
                            <div class="form-group">
                                <label class="form-label"><%- i18n('proxy-hosts', 'oidc-token-auth-method') %><span class="form-required">*</span></label>
                                <select name="openidc_auth_method" class="form-control custom-select" placeholder="client_secret_post">
                                    <option value="client_secret_post" <%- openidc_auth_method === 'client_secret_post' ? 'selected' : '' %>>client_secret_post</option>
                                    <option value="client_secret_basic" <%- openidc_auth_method === 'client_secret_basic' ? 'selected' : '' %>>client_secret_basic</option>
                                </select>
                            </div>
                        </div>
                        <div class="col-sm-12 col-md-12 openidc">
                            <div class="form-group">
                                <label class="form-label"><%- i18n('proxy-hosts', 'oidc-client-id') %><span class="form-required">*</span></label>
                                <input type="text" name="openidc_client_id" class="form-control text-monospace" placeholder="" value="<%- openidc_client_id %>" autocomplete="off" maxlength="255" required>
                            </div>
                        </div>
                        <div class="col-sm-12 col-md-12 openidc">
                            <div class="form-group">
                                <label class="form-label"><%- i18n('proxy-hosts', 'oidc-client-secret') %><span class="form-required">*</span></label>
                                <input type="text" name="openidc_client_secret" class="form-control text-monospace" placeholder="" value="<%- openidc_client_secret %>" autocomplete="off" maxlength="255" required>
                            </div>
                        </div>
                        <div class="openidc">
                            <div class="col-sm-12 col-md-12">
                                <div class="form-group">
                                    <label class="custom-switch">
                                        <input type="checkbox" class="custom-switch-input" name="openidc_restrict_users_enabled" value="1"<%- openidc_restrict_users_enabled ? ' checked' : '' %>>
                                        <span class="custom-switch-indicator"></span>
                                        <span class="custom-switch-description"><%- i18n('proxy-hosts', 'oidc-allow-only-emails') %></span>
                                    </label>
                                </div>
                            </div>
                            <div class="col-sm-12 col-md-12 openidc_users">
                                <div class="form-group">
                                    <label class="form-label"><%- i18n('proxy-hosts', 'oidc-allowed-emails') %><span class="form-required">*</span></label>
                                    <input type="text" name="openidc_allowed_users" class="form-control" id="openidc_allowed_users" value="<%- openidc_allowed_users.join(',') %>" required>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
--- a/frontend/js/app/nginx/proxy/form.js
+++ b/frontend/js/app/nginx/proxy/form.js
@ -21,29 +21,34 @@ module.exports = Mn.View.extend({
    locationsCollection: new ProxyLocationModel.Collection(),
    ui: {
-        form:                     'form',
+        form:                           'form',
-        domain_names:             'input[name="domain_names"]',
+        domain_names:                   'input[name="domain_names"]',
-        forward_host:             'input[name="forward_host"]',
+        forward_host:                   'input[name="forward_host"]',
-        buttons:                  '.modal-footer button',
+        buttons:                        '.modal-footer button',
-        cancel:                   'button.cancel',
+        cancel:                         'button.cancel',
-        save:                     'button.save',
+        save:                           'button.save',
-        add_location_btn:         'button.add_location',
+        add_location_btn:               'button.add_location',
-        locations_container:      '.locations_container',
+        locations_container:            '.locations_container',
-        le_error_info:            '#le-error-info',
+        le_error_info:                  '#le-error-info',
-        certificate_select:       'select[name="certificate_id"]',
+        certificate_select:             'select[name="certificate_id"]',
-        access_list_select:       'select[name="access_list_id"]',
+        access_list_select:             'select[name="access_list_id"]',
-        ssl_forced:               'input[name="ssl_forced"]',
+        ssl_forced:                     'input[name="ssl_forced"]',
-        hsts_enabled:             'input[name="hsts_enabled"]',
+        hsts_enabled:                   'input[name="hsts_enabled"]',
-        hsts_subdomains:          'input[name="hsts_subdomains"]',
+        hsts_subdomains:                'input[name="hsts_subdomains"]',
-        http2_support:            'input[name="http2_support"]',
+        http2_support:                  'input[name="http2_support"]',
-        dns_challenge_switch:     'input[name="meta[dns_challenge]"]',
+        dns_challenge_switch:           'input[name="meta[dns_challenge]"]',
-        dns_challenge_content:    '.dns-challenge',
+        dns_challenge_content:          '.dns-challenge',
-        dns_provider:             'select[name="meta[dns_provider]"]',
+        dns_provider:                   'select[name="meta[dns_provider]"]',
-        credentials_file_content: '.credentials-file-content',
+        credentials_file_content:       '.credentials-file-content',
-        dns_provider_credentials: 'textarea[name="meta[dns_provider_credentials]"]',
+        dns_provider_credentials:       'textarea[name="meta[dns_provider_credentials]"]',
-        propagation_seconds:      'input[name="meta[propagation_seconds]"]',
+        propagation_seconds:            'input[name="meta[propagation_seconds]"]',
-        forward_scheme:           'select[name="forward_scheme"]',
+        forward_scheme:                 'select[name="forward_scheme"]',
-        letsencrypt:              '.letsencrypt'
+        letsencrypt:                    '.letsencrypt',
        openidc_enabled:                'input[name="openidc_enabled"]',
        openidc_restrict_users_enabled: 'input[name="openidc_restrict_users_enabled"]',
        openidc_allowed_users:          'input[name="openidc_allowed_users"]',
        openidc:                        '.openidc',
        openidc_users:                  '.openidc_users',
    },
    regions: {
@ -113,7 +118,7 @@ module.exports = Mn.View.extend({
            } else {
                this.ui.dns_provider.prop('required', false);
                this.ui.dns_provider_credentials.prop('required', false);
-                this.ui.dns_challenge_content.hide();                
+                this.ui.dns_challenge_content.hide();
            }
        },
@ -125,13 +130,34 @@ module.exports = Mn.View.extend({
                this.ui.credentials_file_content.show();
            } else {
                this.ui.dns_provider_credentials.prop('required', false);
-                this.ui.credentials_file_content.hide();                
+                this.ui.credentials_file_content.hide();
            }
        },
        'change @ui.openidc_enabled': function () {
            let checked = this.ui.openidc_enabled.prop('checked');
            if (checked) {
                this.ui.openidc.show().find('input').prop('disabled', false);
            } else {
                this.ui.openidc.hide().find('input').prop('disabled', true);
            }
            this.ui.openidc_restrict_users_enabled.trigger('change');
        },
        'change @ui.openidc_restrict_users_enabled': function () {
            let checked = this.ui.openidc_restrict_users_enabled.prop('checked');
            if (checked) {
                this.ui.openidc_users.show().find('input').prop('disabled', false);
            } else {
                this.ui.openidc_users.hide().find('input').prop('disabled', true);
            }
        },
        'click @ui.add_location_btn': function (e) {
            e.preventDefault();
-            
+
            const model = new ProxyLocationModel.Model();
            this.locationsCollection.add(model);
        },
@ -167,17 +193,25 @@ module.exports = Mn.View.extend({
            data.hsts_enabled            = !!data.hsts_enabled;
            data.hsts_subdomains         = !!data.hsts_subdomains;
            data.ssl_forced              = !!data.ssl_forced;
-            
+            data.openidc_enabled         = data.openidc_enabled === '1';
            data.openidc_restrict_users_enabled = data.openidc_restrict_users_enabled === '1';
            if (data.openidc_restrict_users_enabled) {
                if (typeof data.openidc_allowed_users === 'string' && data.openidc_allowed_users) {
                    data.openidc_allowed_users = data.openidc_allowed_users.split(',');
                }
            }
            if (typeof data.meta === 'undefined') data.meta = {};
            data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1;
            data.meta.dns_challenge = data.meta.dns_challenge == 1;
-            
+
            if(!data.meta.dns_challenge){
                data.meta.dns_provider = undefined;
                data.meta.dns_provider_credentials = undefined;
                data.meta.propagation_seconds = undefined;
            } else {
-                if(data.meta.propagation_seconds === '') data.meta.propagation_seconds = undefined; 
+                if(data.meta.propagation_seconds === '') data.meta.propagation_seconds = undefined;
            }
            if (typeof data.domain_names === 'string' && data.domain_names) {
@ -185,7 +219,7 @@ module.exports = Mn.View.extend({
            }
            // Check for any domain names containing wildcards, which are not allowed with letsencrypt
-            if (data.certificate_id === 'new') {                
+            if (data.certificate_id === 'new') {
                let domain_err = false;
                if (!data.meta.dns_challenge) {
                    data.domain_names.map(function (name) {
@ -203,6 +237,12 @@ module.exports = Mn.View.extend({
                data.certificate_id = parseInt(data.certificate_id, 10);
            }
            // OpenID Connect won't work with multiple domain names because the redirect URL has to point to a specific one
            if (data.openidc_enabled && data.domain_names.length > 1) {
                alert('Cannot use mutliple domain names when OpenID Connect is enabled');
                return;
            }
            let method = App.Api.Nginx.ProxyHosts.create;
            let is_new = true;
@ -344,6 +384,23 @@ module.exports = Mn.View.extend({
                view.ui.certificate_select[0].selectize.setValue(view.model.get('certificate_id'));
            }
        });
        // OpenID Connect
        this.ui.openidc_allowed_users.selectize({
            delimiter:    ',',
            persist:      false,
            maxOptions:   15,
            create:       function (input) {
                return {
                    value: input,
                    text:  input
                };
            }
        });
        this.ui.openidc.hide().find('input').prop('disabled', true);
        this.ui.openidc_users.hide().find('input').prop('disabled', true);
        this.ui.openidc_enabled.trigger('change');
        this.ui.openidc_restrict_users_enabled.trigger('change');
    },
    initialize: function (options) {
--- a/frontend/js/app/ui/header/main.ejs
+++ b/frontend/js/app/ui/header/main.ejs
@ -1,8 +1,5 @@
 <div class="container">
    <div class="d-flex">
        <button class="navbar-toggler d-lg-none mr-2" type="button" data-toggle="collapse" data-target="#menu">
            <span class="navbar-toggler-icon"></span>
        </button>
        <a class="navbar-brand" href="/">
            <img src="/images/favicons/favicon-32x32.png" border="0"> &nbsp; <%- i18n('main', 'app') %>
        </a>
--- a/frontend/js/app/ui/main.ejs
+++ b/frontend/js/app/ui/main.ejs
@ -1,11 +1,9 @@
 <div class="page-main">
-    <div class="navbar-light">
+    <div class="header" id="header">
-        <div class="header" id="header">
+        <!-- Header View -->
-            <!-- Header View -->
+    </div>
-        </div>
+    <div id="menu">
-        <div id="menu">
+        <!-- Menu View -->
            <!-- Menu View -->
        </div>
    </div>
    <div class="my-3 my-md-5">
        <div id="app-content" class="container">
--- a/frontend/js/i18n/messages.json
+++ b/frontend/js/i18n/messages.json
@ -84,8 +84,6 @@
      "advanced": "Advanced",
      "advanced-warning": "Enter your custom Nginx configuration here at your own risk!",
      "advanced-config": "Custom Nginx Configuration",
      "advanced-config-var-headline": "These proxy details are available as nginx variables:",
      "advanced-config-header-info": "Please note, that any add_header or set_header directives added here will not be used by nginx. You will have to add a custom location '/' and add the header in the custom config there.",
      "hsts-enabled": "HSTS Enabled",
      "hsts-subdomains": "HSTS Subdomains",
      "locations": "Custom locations"
@ -132,7 +130,16 @@
      "access-list": "Access List",
      "allow-websocket-upgrade": "Websockets Support",
      "ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
-      "custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path"
+      "custom-forward-host-help": "Use 1.1.1.1/path for sub-folder forwarding",
      "oidc": "OpenID Connect",
      "oidc-enabled": "Use OpenID Connect authentication",
      "oidc-redirect-uri": "Redirect URI",
      "oidc-discovery-endpoint": "Well-known discovery endpoint",
      "oidc-token-auth-method": "Token endpoint auth method",
      "oidc-client-id": "Client ID",
      "oidc-client-secret": "Client secret",
      "oidc-allow-only-emails": "Allow only these user emails",
      "oidc-allowed-emails": "Allowed email addresses"
    },
    "redirection-hosts": {
      "title": "Redirection Hosts",
@ -143,7 +150,7 @@
      "forward-http-status-code": "HTTP Code",
      "forward-domain": "Forward Domain",
      "preserve-path": "Preserve Path",
-      "delete": "Delete Redirection Host",
+      "delete": "Delete Proxy Host",
      "delete-confirm": "Are you sure you want to delete the Redirection host for: <strong>{domains}</strong>?",
      "help-title": "What is a Redirection Host?",
      "help-content": "A Redirection Host will redirect requests from the incoming domain and push the viewer to another domain.\nThe most common reason to use this type of host is when your website changes domains but you still have search engine or referrer links pointing to the old domain."
@ -190,16 +197,6 @@
      "other-certificate-key": "Certificate Key",
      "other-intermediate-certificate": "Intermediate Certificate",
      "force-renew": "Renew Now",
      "test-reachability": "Test Server Reachability",
      "reachability-title": "Test Server Reachability",
      "reachability-info": "Test whether the domains are reachable from the public internet using Site24x7. This is not necessary when using the DNS Challenge.",
      "reachability-failed-to-reach-api": "Communication with the API failed, is NPM running correctly?",
      "reachability-failed-to-check": "Failed to check the reachability due to a communication error with site24x7.com.",
      "reachability-ok": "Your server is reachable and creating certificates should be possible.",
      "reachability-404": "There is a server found at this domain but it does not seem to be Nginx Proxy Manager. Please make sure your domain points to the IP where your NPM instance is running.",
      "reachability-not-resolved": "There is no server available at this domain. Please make sure your domain exists and points to the IP where your NPM instance is running and if necessary port 80 is forwarded in your router.",
      "reachability-wrong-data": "There is a server found at this domain but it returned an unexpected data. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
      "reachability-other": "There is a server found at this domain but it returned an unexpected status code {code}. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
      "download": "Download",
      "renew-title": "Renew Let'sEncrypt Certificate"
    },
--- a/frontend/js/models/proxy-host.js
+++ b/frontend/js/models/proxy-host.js
@ -22,6 +22,14 @@ const model = Backbone.Model.extend({
            block_exploits:          false,
            http2_support:           false,
            advanced_config:         '',
            openidc_enabled:         false,
            openidc_redirect_uri:    '',
            openidc_discovery:       '',
            openidc_auth_method:     'client_secret_post',
            openidc_client_id:       '',
            openidc_client_secret:   '',
            openidc_restrict_users_enabled: false,
            openidc_allowed_users:   [],
            enabled:                 true,
            meta:                    {},
            // The following are expansions:
--- a/frontend/package.json
+++ b/frontend/package.json
@ -7,6 +7,7 @@
    "@babel/core": "^7.9.0",
    "babel-core": "^6.26.3",
    "babel-loader": "^8.1.0",
    "babel-minify-webpack-plugin": "^0.3.1",
    "babel-preset-env": "^1.7.0",
    "backbone": "^1.4.0",
    "backbone.marionette": "^4.1.2",
@ -27,10 +28,10 @@
    "messageformat-loader": "^0.8.1",
    "mini-css-extract-plugin": "^0.9.0",
    "moment": "^2.24.0",
-    "node-sass": "^6.0.1",
+    "node-sass": "^4.13.1",
    "nodemon": "^2.0.2",
    "numeral": "^2.0.6",
-    "sass-loader": "10.2.0",
+    "sass-loader": "^8.0.2",
    "style-loader": "^1.1.3",
    "tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813",
    "underscore": "^1.12.1",
--- a/frontend/webpack.config.js
+++ b/frontend/webpack.config.js
@ -13,8 +13,8 @@ module.exports = {
 	},
 	output:    {
 		path:          path.resolve(__dirname, 'dist'),
-		filename:      `js/[name].bundle.js?v=${PACKAGE.version}`,
+		filename:      'js/[name].bundle.js',
-		chunkFilename: `js/[name].bundle.[id].js?v=${PACKAGE.version}`,
+		chunkFilename: 'js/[name].bundle.[id].js',
 		publicPath:    '/'
 	},
 	resolve:   {
--- a/frontend/yarn.lock
+++ b/frontend/yarn.lock
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@ -9,10 +9,10 @@
 *    cloudflare: {
 *      display_name: "Name displayed to the user",
 *      package_name: "Package name in PyPi repo",
- *      version_requirement: "Optional package version requirements (e.g. ==1.3 or >=1.2,<2.0, see https://www.python.org/dev/peps/pep-0440/#version-specifiers)",
+ *      package_version: "Package version in PyPi repo",
 *      dependencies: "Additional dependencies, space separated (as you would pass it to pip install)",
 *      credentials: `Template of the credentials file`,
- *      full_plugin_name: "The full plugin name as used in the commandline with certbot, e.g. 'dns-njalla'",
+ *      full_plugin_name: "The full plugin name as used in the commandline with certbot, including prefixes, e.g. 'certbot-dns-njalla:dns-njalla'",
 *    },
 *    ...
 *  }
@ -22,30 +22,30 @@
 module.exports = {
 	//####################################################//
 	acmedns: {
-		display_name:        'ACME-DNS',
+		display_name:    'ACME-DNS',
-		package_name:        'certbot-dns-acmedns',
+		package_name:    'certbot-dns-acmedns',
-		version_requirement: '~=0.1.0',
+		package_version: '0.1.0',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_acmedns_api_url = http://acmedns-server/
+		credentials:     `certbot_dns_acmedns:dns_acmedns_api_url = http://acmedns-server/
-dns_acmedns_registration_file = /data/acme-registration.json`,
+certbot_dns_acmedns:dns_acmedns_registration_file = /data/acme-registration.json`,
-		full_plugin_name: 'dns-acmedns',
+		full_plugin_name: 'certbot-dns-acmedns:dns-acmedns',
 	},
 	aliyun: {
-		display_name:        'Aliyun',
+		display_name:    'Aliyun',
-		package_name:        'certbot-dns-aliyun',
+		package_name:    'certbot-dns-aliyun',
-		version_requirement: '~=0.38.1',
+		package_version: '0.38.1',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_aliyun_access_key = 12345678
+		credentials:     `certbot_dns_aliyun:dns_aliyun_access_key = 12345678
-dns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef`,
+certbot_dns_aliyun:dns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef`,
-		full_plugin_name: 'dns-aliyun',
+		full_plugin_name: 'certbot-dns-aliyun:dns-aliyun',
 	},
 	//####################################################//
 	azure: {
-		display_name:        'Azure',
+		display_name:    'Azure',
-		package_name:        'certbot-dns-azure',
+		package_name:    'certbot-dns-azure',
-		version_requirement: '~=1.2.0',
+		package_version: '1.2.0',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `# This plugin supported API authentication using either Service Principals or utilizing a Managed Identity assigned to the virtual machine.
+		credentials:     `# This plugin supported API authentication using either Service Principals or utilizing a Managed Identity assigned to the virtual machine.
 # Regardless which authentication method used, the identity will need the “DNS Zone Contributor” role assigned to it.
 # As multiple Azure DNS Zones in multiple resource groups can exist, the config file needs a mapping of zone to resource group ID. Multiple zones -> ID mappings can be listed by using the key dns_azure_zoneX where X is a unique number. At least 1 zone mapping is required.
@ -67,179 +67,165 @@ dns_azure_zone2 = example.org:/subscriptions/99800903-fb14-4992-9aff-12eaf274462
 	},
 	//####################################################//
 	cloudflare: {
-		display_name: 'Cloudflare',
+		display_name:    'Cloudflare',
-		package_name: 'certbot-dns-cloudflare',
+		package_name:    'certbot-dns-cloudflare',
-		// version_requirement: '', // Official plugin, no version requirement
+		package_version: '1.8.0',
-		dependencies: 'cloudflare',
+		dependencies:    'cloudflare',
-		credentials:  `# Cloudflare API token
+		credentials:     `# Cloudflare API token
 dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567`,
 		full_plugin_name: 'dns-cloudflare',
 	},
 	//####################################################//
 	cloudns: {
-		display_name:        'ClouDNS',
+		display_name:    'ClouDNS',
-		package_name:        'certbot-dns-cloudns',
+		package_name:    'certbot-dns-cloudns',
-		version_requirement: '~=0.4.0',
+		package_version: '0.4.0',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `# Target user ID (see https://www.cloudns.net/api-settings/)
+		credentials:     `# Target user ID (see https://www.cloudns.net/api-settings/)
 	dns_cloudns_auth_id=1234
 	# Alternatively, one of the following two options can be set:
 	# dns_cloudns_sub_auth_id=1234
-	# dns_cloudns_sub_auth_user=foobar
+	# dns_cloudns_sub_auth_user=foobar 
-
+	
 	# API password
 	dns_cloudns_auth_password=password1`,
 		full_plugin_name: 'dns-cloudns',
 	},
 	//####################################################//
 	cloudxns: {
-		display_name: 'CloudXNS',
+		display_name:    'CloudXNS',
-		package_name: 'certbot-dns-cloudxns',
+		package_name:    'certbot-dns-cloudxns',
-		// version_requirement: '', // Official plugin, no version requirement
+		package_version: '1.8.0',
-		dependencies: '',
+		dependencies:    '',
-		credentials:  `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
+		credentials:     `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
 dns_cloudxns_secret_key = 1122334455667788`,
 		full_plugin_name: 'dns-cloudxns',
 	},
 	//####################################################//
 	corenetworks: {
-		display_name:        'Core Networks',
+		display_name:    'Core Networks',
-		package_name:        'certbot-dns-corenetworks',
+		package_name:    'certbot-dns-corenetworks',
-		version_requirement: '~=0.1.4',
+		package_version: '0.1.4',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_corenetworks_username = asaHB12r
+		credentials:     `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r
-dns_corenetworks_password = secure_password`,
+certbot_dns_corenetworks:dns_corenetworks_password = secure_password`,
-		full_plugin_name: 'dns-corenetworks',
+		full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks',
 	},
 	//####################################################//
 	cpanel: {
-		display_name:        'cPanel',
+		display_name:    'cPanel',
-		package_name:        'certbot-dns-cpanel',
+		package_name:    'certbot-dns-cpanel',
-		version_requirement: '~=0.2.2',
+		package_version: '0.2.2',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `cpanel_url = https://cpanel.example.com:2083
+		credentials:     `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083
-cpanel_username = user
+certbot_dns_cpanel:cpanel_username = user
-cpanel_password = hunter2`,
+certbot_dns_cpanel:cpanel_password = hunter2`,
-		full_plugin_name: 'cpanel',
+		full_plugin_name: 'certbot-dns-cpanel:cpanel',
 	},
 	//####################################################//
 	desec: {
 		display_name:        'deSEC',
 		package_name:        'certbot-dns-desec',
 		version_requirement: '~=0.3.0',
 		dependencies:        '',
 		credentials:         `dns_desec_token = YOUR_DESEC_API_TOKEN
 dns_desec_endpoint = https://desec.io/api/v1/`,
 		full_plugin_name: 'dns-desec',
 	},
 	//####################################################//
 	duckdns: {
-		display_name:        'DuckDNS',
+		display_name:     'DuckDNS',
-		package_name:        'certbot-dns-duckdns',
+		package_name:     'certbot-dns-duckdns',
-		version_requirement: '~=0.6',
+		package_version:  '0.6',
-		dependencies:        '',
+		dependencies:     '',
-		credentials:         'dns_duckdns_token=your-duckdns-token',
+		credentials:      'dns_duckdns_token=your-duckdns-token',
-		full_plugin_name:    'dns-duckdns',
+		full_plugin_name: 'dns-duckdns',
 	},
 	//####################################################//
 	digitalocean: {
 		display_name:     'DigitalOcean',
 		package_name:     'certbot-dns-digitalocean',
-		// version_requirement: '', // Official plugin, no version requirement
+		package_version:  '1.8.0',
 		dependencies:     '',
 		credentials:      'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff',
 		full_plugin_name: 'dns-digitalocean',
 	},
 	//####################################################//
 	directadmin: {
-		display_name:        'DirectAdmin',
+		display_name:    'DirectAdmin',
-		package_name:        'certbot-dns-directadmin',
+		package_name:    'certbot-dns-directadmin',
-		version_requirement: '~=0.0.23',
+		package_version: '0.0.20',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `directadmin_url = https://my.directadminserver.com:2222
+		credentials:     `directadmin_url = https://my.directadminserver.com:2222
 directadmin_username = username
 directadmin_password = aSuperStrongPassword`,
-		full_plugin_name: 'directadmin',
+		full_plugin_name: 'certbot-dns-directadmin:directadmin',
 	},
 	//####################################################//
 	dnsimple: {
 		display_name:     'DNSimple',
 		package_name:     'certbot-dns-dnsimple',
-		// version_requirement: '', // Official plugin, no version requirement
+		package_version:  '1.8.0',
 		dependencies:     '',
 		credentials:      'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
 		full_plugin_name: 'dns-dnsimple',
 	},
 	//####################################################//
 	dnsmadeeasy: {
-		display_name: 'DNS Made Easy',
+		display_name:    'DNS Made Easy',
-		package_name: 'certbot-dns-dnsmadeeasy',
+		package_name:    'certbot-dns-dnsmadeeasy',
-		// version_requirement: '', // Official plugin, no version requirement
+		package_version: '1.8.0',
-		dependencies: '',
+		dependencies:    '',
-		credentials:  `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a
+		credentials:     `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a
 dns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55`,
 		full_plugin_name: 'dns-dnsmadeeasy',
 	},
 	//####################################################//
 	dnspod: {
-		display_name:        'DNSPod',
+		display_name:    'DNSPod',
-		package_name:        'certbot-dns-dnspod',
+		package_name:    'certbot-dns-dnspod',
-		version_requirement: '~=0.1.0',
+		package_version: '0.1.0',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL"
+		credentials:     `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL"
-dns_dnspod_api_token = "DNSPOD-API-TOKEN"`,
+certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`,
-		full_plugin_name: 'dns-dnspod',
+		full_plugin_name: 'certbot-dns-dnspod:dns-dnspod',
 	},
 	//####################################################//
 	dynu: {
-		display_name:        'Dynu',
+		display_name:     'Dynu',
-		package_name:        'certbot-dns-dynu',
+		package_name:     'certbot-dns-dynu',
-		version_requirement: '~=0.0.1',
+		package_version:  '0.0.1',
-		dependencies:        '',
+		dependencies:     '',
-		credentials:         'dns_dynu_auth_token = YOUR_DYNU_AUTH_TOKEN',
+		credentials:      'certbot_dns_dynu:dns_dynu_auth_token = YOUR_DYNU_AUTH_TOKEN',
-		full_plugin_name:    'dns-dynu',
+		full_plugin_name: 'certbot-dns-dynu:dns-dynu',
 	},
 	//####################################################//
 	eurodns: {
-		display_name:        'EuroDNS',
+		display_name:    'EuroDNS',
-		package_name:        'certbot-dns-eurodns',
+		package_name:    'certbot-dns-eurodns',
-		version_requirement: '~=0.0.4',
+		package_version: '0.0.4',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_eurodns_applicationId = myuser
+		credentials:     `dns_eurodns_applicationId = myuser
 dns_eurodns_apiKey = mysecretpassword
 dns_eurodns_endpoint = https://rest-api.eurodns.com/user-api-gateway/proxy`,
-		full_plugin_name: 'dns-eurodns',
+		full_plugin_name: 'certbot-dns-eurodns:dns-eurodns',
 	},
 	//####################################################//
 	gandi: {
-		display_name:        'Gandi Live DNS',
+		display_name:     'Gandi Live DNS',
-		package_name:        'certbot_plugin_gandi',
+		package_name:     'certbot_plugin_gandi',
-		version_requirement: '~=1.3.2',
+		package_version:  '1.2.5',
-		dependencies:        '',
+		dependencies:     '',
-		credentials:         `# live dns v5 api key
+		credentials:      'certbot_plugin_gandi:dns_api_key = APIKEY',
-dns_gandi_api_key=APIKEY
+		full_plugin_name: 'certbot-plugin-gandi:dns',
 # optional organization id, remove it if not used
 dns_gandi_sharing_id=SHARINGID`,
 		full_plugin_name: 'dns-gandi',
 	},
 	//####################################################//
 	godaddy: {
-		display_name:        'GoDaddy',
+		display_name:    'GoDaddy',
-		package_name:        'certbot-dns-godaddy',
+		package_name:    'certbot-dns-godaddy',
-		version_requirement: '~=0.2.0',
+		package_version: '0.2.0',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_godaddy_secret = 0123456789abcdef0123456789abcdef01234567
+		credentials:     `dns_godaddy_secret = 0123456789abcdef0123456789abcdef01234567
 dns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123`,
 		full_plugin_name: 'dns-godaddy',
 	},
 	//####################################################//
 	google: {
-		display_name: 'Google',
+		display_name:    'Google',
-		package_name: 'certbot-dns-google',
+		package_name:    'certbot-dns-google',
-		// version_requirement: '', // Official plugin, no version requirement
+		package_version: '1.8.0',
-		dependencies: '',
+		dependencies:    '',
-		credentials:  `{
+		credentials:     `{
 "type": "service_account",
 ...
 }`,
@ -247,156 +233,142 @@ dns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123`,
 	},
 	//####################################################//
 	hetzner: {
-		display_name:        'Hetzner',
+		display_name:     'Hetzner',
-		package_name:        'certbot-dns-hetzner',
+		package_name:     'certbot-dns-hetzner',
-		version_requirement: '~=1.0.4',
+		package_version:  '1.0.4',
-		dependencies:        '',
+		dependencies:     '',
-		credentials:         'dns_hetzner_api_token = 0123456789abcdef0123456789abcdef',
+		credentials:      'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef',
-		full_plugin_name:    'dns-hetzner',
+		full_plugin_name: 'certbot-dns-hetzner:dns-hetzner',
 	},
 	//####################################################//
 	infomaniak: {
-		display_name:        'Infomaniak',
+		display_name:     'Infomaniak',
-		package_name:        'certbot-dns-infomaniak',
+		package_name:     'certbot-dns-infomaniak',
-		version_requirement: '~=0.1.12',
+		package_version:  '0.1.12',
-		dependencies:        '',
+		dependencies:     '',
-		credentials:         'dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
+		credentials:      'certbot_dns_infomaniak:dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
-		full_plugin_name:    'dns-infomaniak',
+		full_plugin_name: 'certbot-dns-infomaniak:dns-infomaniak',
 	},
 	//####################################################//
 	inwx: {
-		display_name:        'INWX',
+		display_name:    'INWX',
-		package_name:        'certbot-dns-inwx',
+		package_name:    'certbot-dns-inwx',
-		version_requirement: '~=2.1.2',
+		package_version: '2.1.2',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_inwx_url = https://api.domrobot.com/xmlrpc/
+		credentials:     `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/
-dns_inwx_username = your_username
+certbot_dns_inwx:dns_inwx_username = your_username
-dns_inwx_password = your_password
+certbot_dns_inwx:dns_inwx_password = your_password
-dns_inwx_shared_secret = your_shared_secret optional`,
+certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`,
-		full_plugin_name: 'dns-inwx',
+		full_plugin_name: 'certbot-dns-inwx:dns-inwx',
 	},
 	//####################################################//
 	ionos: {
-		display_name:        'IONOS',
+		display_name:    'IONOS',
-		package_name:        'certbot-dns-ionos',
+		package_name:    'certbot-dns-ionos',
-		version_requirement: '==2021.9.20.post1',
+		package_version: '0.0.7',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_ionos_prefix = myapikeyprefix
+		credentials:     `certbot_dns_ionos:dns_ionos_prefix = myapikeyprefix
-dns_ionos_secret = verysecureapikeysecret
+certbot_dns_ionos:dns_ionos_secret = verysecureapikeysecret
-dns_ionos_endpoint = https://api.hosting.ionos.com`,
+certbot_dns_ionos:dns_ionos_endpoint = https://api.hosting.ionos.com`,
-		full_plugin_name: 'dns-ionos',
+		full_plugin_name: 'certbot-dns-ionos:dns-ionos',
 	},
 	//####################################################//
 	ispconfig: {
-		display_name:        'ISPConfig',
+		display_name:    'ISPConfig',
-		package_name:        'certbot-dns-ispconfig',
+		package_name:    'certbot-dns-ispconfig',
-		version_requirement: '~=0.2.0',
+		package_version: '0.2.0',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_ispconfig_username = myremoteuser
+		credentials:     `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser
-dns_ispconfig_password = verysecureremoteuserpassword
+certbot_dns_ispconfig:dns_ispconfig_password = verysecureremoteuserpassword
-dns_ispconfig_endpoint = https://localhost:8080`,
+certbot_dns_ispconfig:dns_ispconfig_endpoint = https://localhost:8080`,
-		full_plugin_name: 'dns-ispconfig',
+		full_plugin_name: 'certbot-dns-ispconfig:dns-ispconfig',
 	},
 	//####################################################//
 	isset: {
-		display_name:        'Isset',
+		display_name:    'Isset',
-		package_name:        'certbot-dns-isset',
+		package_name:    'certbot-dns-isset',
-		version_requirement: '~=0.0.3',
+		package_version: '0.0.3',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_isset_endpoint="https://customer.isset.net/api"
+		credentials:     `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api"
-dns_isset_token="<token>"`,
+certbot_dns_isset:dns_isset_token="<token>"`,
-		full_plugin_name: 'dns-isset',
+		full_plugin_name: 'certbot-dns-isset:dns-isset',
 	},
 	joker: {
-		display_name:        'Joker',
+		display_name:    'Joker',
-		package_name:        'certbot-dns-joker',
+		package_name:    'certbot-dns-joker',
-		version_requirement: '~=1.1.0',
+		package_version: '1.1.0',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_joker_username = <Dynamic DNS Authentication Username>
+		credentials:     `certbot_dns_joker:dns_joker_username = <Dynamic DNS Authentication Username>
-dns_joker_password = <Dynamic DNS Authentication Password>
+certbot_dns_joker:dns_joker_password = <Dynamic DNS Authentication Password>
-dns_joker_domain = <Dynamic DNS Domain>`,
+certbot_dns_joker:dns_joker_domain = <Dynamic DNS Domain>`,
-		full_plugin_name: 'dns-joker',
+		full_plugin_name: 'certbot-dns-joker:dns-joker',
 	},
 	//####################################################//
 	linode: {
-		display_name: 'Linode',
+		display_name:    'Linode',
-		package_name: 'certbot-dns-linode',
+		package_name:    'certbot-dns-linode',
-		// version_requirement: '', // Official plugin, no version requirement
+		package_version: '1.8.0',
-		dependencies: '',
+		dependencies:    '',
-		credentials:  `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
+		credentials:     `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
 dns_linode_version = [<blank>|3|4]`,
 		full_plugin_name: 'dns-linode',
 	},
 	//####################################################//
 	loopia: {
-		display_name:        'Loopia',
+		display_name:    'Loopia',
-		package_name:        'certbot-dns-loopia',
+		package_name:    'certbot-dns-loopia',
-		version_requirement: '~=1.0.0',
+		package_version: '1.0.0',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_loopia_user = user@loopiaapi
+		credentials:     `dns_loopia_user = user@loopiaapi
 dns_loopia_password = abcdef0123456789abcdef01234567abcdef0123`,
 		full_plugin_name: 'dns-loopia',
 	},
 	//####################################################//
 	luadns: {
-		display_name: 'LuaDNS',
+		display_name:    'LuaDNS',
-		package_name: 'certbot-dns-luadns',
+		package_name:    'certbot-dns-luadns',
-		// version_requirement: '', // Official plugin, no version requirement
+		package_version: '1.8.0',
-		dependencies: '',
+		dependencies:    '',
-		credentials:  `dns_luadns_email = user@example.com
+		credentials:     `dns_luadns_email = user@example.com
 dns_luadns_token = 0123456789abcdef0123456789abcdef`,
 		full_plugin_name: 'dns-luadns',
 	},
 	//####################################################//
 	netcup: {
-		display_name:        'netcup',
+		display_name:    'netcup',
-		package_name:        'certbot-dns-netcup',
+		package_name:    'certbot-dns-netcup',
-		version_requirement: '~=1.0.0',
+		package_version: '1.0.0',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_netcup_customer_id  = 123456
+		credentials:     `certbot_dns_netcup:dns_netcup_customer_id  = 123456
-dns_netcup_api_key      = 0123456789abcdef0123456789abcdef01234567
+certbot_dns_netcup:dns_netcup_api_key      = 0123456789abcdef0123456789abcdef01234567
-dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
+certbot_dns_netcup:dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
-		full_plugin_name: 'dns-netcup',
+		full_plugin_name: 'certbot-dns-netcup:dns-netcup',
 	},
 	//####################################################//
 	njalla: {
-		display_name:        'Njalla',
+		display_name:     'Njalla',
-		package_name:        'certbot-dns-njalla',
+		package_name:     'certbot-dns-njalla',
-		version_requirement: '~=1.0.0',
+		package_version:  '1.0.0',
-		dependencies:        '',
+		dependencies:     '',
-		credentials:         'dns_njalla_token = 0123456789abcdef0123456789abcdef01234567',
+		credentials:      'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567',
-		full_plugin_name:    'dns-njalla',
+		full_plugin_name: 'certbot-dns-njalla:dns-njalla',
 	},
 	//####################################################//
 	nsone: {
 		display_name:     'NS1',
 		package_name:     'certbot-dns-nsone',
-		// version_requirement: '', // Official plugin, no version requirement
+		package_version:  '1.8.0',
 		dependencies:     '',
 		credentials:      'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw',
 		full_plugin_name: 'dns-nsone',
 	},
 	//####################################################//
 	oci: {
 		display_name:    'Oracle Cloud Infrastructure DNS',
 		package_name:    'certbot-dns-oci',
 		package_version: '0.3.6',
 		dependencies:    'oci',
 		credentials:     `[DEFAULT]
 user = ocid1.user.oc1...
 fingerprint = xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
 tenancy = ocid1.tenancy.oc1...
 region = us-ashburn-1
 key_file = ~/.oci/oci_api_key.pem`,
 		full_plugin_name: 'dns-oci',
 	},
 	//####################################################//
 	ovh: {
-		display_name: 'OVH',
+		display_name:    'OVH',
-		package_name: 'certbot-dns-ovh',
+		package_name:    'certbot-dns-ovh',
-		// version_requirement: '', // Official plugin, no version requirement
+		package_version: '1.8.0',
-		dependencies: '',
+		dependencies:    '',
-		credentials:  `dns_ovh_endpoint = ovh-eu
+		credentials:     `dns_ovh_endpoint = ovh-eu
 dns_ovh_application_key = MDAwMDAwMDAwMDAw
 dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
 dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`,
@ -404,41 +376,41 @@ dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`,
 	},
 	//####################################################//
 	porkbun: {
-		display_name:        'Porkbun',
+		display_name:    'Porkbun',
-		package_name:        'certbot-dns-porkbun',
+		package_name:    'certbot-dns-porkbun',
-		version_requirement: '~=0.2',
+		package_version: '0.2',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_porkbun_key=your-porkbun-api-key
+		credentials:     `dns_porkbun_key=your-porkbun-api-key
 dns_porkbun_secret=your-porkbun-api-secret`,
 		full_plugin_name: 'dns-porkbun',
 	},
 	//####################################################//
 	powerdns: {
-		display_name:        'PowerDNS',
+		display_name:    'PowerDNS',
-		package_name:        'certbot-dns-powerdns',
+		package_name:    'certbot-dns-powerdns',
-		version_requirement: '~=0.2.0',
+		package_version: '0.2.0',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_powerdns_api_url = https://api.mypowerdns.example.org
+		credentials:     `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org
-dns_powerdns_api_key = AbCbASsd!@34`,
+certbot_dns_powerdns:dns_powerdns_api_key = AbCbASsd!@34`,
-		full_plugin_name: 'dns-powerdns',
+		full_plugin_name: 'certbot-dns-powerdns:dns-powerdns',
 	},
 	//####################################################//
 	regru: {
-		display_name:        'reg.ru',
+		display_name:    'reg.ru',
-		package_name:        'certbot-regru',
+		package_name:    'certbot-regru',
-		version_requirement: '~=1.0.2',
+		package_version: '1.0.2',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `certbot_regru:dns_username=username
+		credentials:     `certbot_regru:dns_username=username
 certbot_regru:dns_password=password`,
 		full_plugin_name: 'certbot-regru:dns',
 	},
 	//####################################################//
 	rfc2136: {
-		display_name: 'RFC 2136',
+		display_name:    'RFC 2136',
-		package_name: 'certbot-dns-rfc2136',
+		package_name:    'certbot-dns-rfc2136',
-		// version_requirement: '', // Official plugin, no version requirement
+		package_version: '1.8.0',
-		dependencies: '',
+		dependencies:    '',
-		credentials:  `# Target DNS server
+		credentials:     `# Target DNS server
 dns_rfc2136_server = 192.0.2.1
 # Target DNS port
 dns_rfc2136_port = 53
@ -452,43 +424,42 @@ dns_rfc2136_algorithm = HMAC-SHA512`,
 	},
 	//####################################################//
 	route53: {
-		display_name: 'Route 53 (Amazon)',
+		display_name:    'Route 53 (Amazon)',
-		package_name: 'certbot-dns-route53',
+		package_name:    'certbot-dns-route53',
-		// version_requirement: '', // Official plugin, no version requirement
+		package_version: '1.8.0',
-		dependencies: '',
+		dependencies:    '',
-		credentials:  `[default]
+		credentials:     `[default]
 aws_access_key_id=AKIAIOSFODNN7EXAMPLE
 aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
 		full_plugin_name: 'dns-route53',
 	},
 	//####################################################//
 	transip: {
-		display_name:        'TransIP',
+		display_name:    'TransIP',
-		package_name:        'certbot-dns-transip',
+		package_name:    'certbot-dns-transip',
-		version_requirement: '~=0.3.3',
+		package_version: '0.3.3',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_transip_username = my_username
+		credentials:     `certbot_dns_transip:dns_transip_username = my_username
-dns_transip_key_file = /etc/letsencrypt/transip-rsa.key`,
+certbot_dns_transip:dns_transip_key_file = /etc/letsencrypt/transip-rsa.key`,
-		full_plugin_name: 'dns-transip',
+		full_plugin_name: 'certbot-dns-transip:dns-transip',
 	},
 	//####################################################//
 	vultr: {
-		display_name:        'Vultr',
+		display_name:     'Vultr',
-		package_name:        'certbot-dns-vultr',
+		package_name:     'certbot-dns-vultr',
-		version_requirement: '~=1.0.3',
+		package_version:  '1.0.3',
-		dependencies:        '',
+		dependencies:     '',
-		credentials:         'dns_vultr_key = YOUR_VULTR_API_KEY',
+		credentials:      'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY',
-		full_plugin_name:    'dns-vultr',
+		full_plugin_name: 'certbot-dns-vultr:dns-vultr',
 	},
 	//####################################################//
-	websupportsk: {
+	desec: {
-		display_name:        'Websupport.sk',
+		display_name:    'deSEC',
-		package_name:        'certbot-dns-websupportsk',
+		package_name:    'certbot-dns-desec',
-		version_requirement: '~=0.1.6',
+		package_version: '0.3.0',
-		dependencies:        '',
+		dependencies:    '',
-		credentials:         `dns_websupportsk_api_key = <api_key>
+		credentials:     `certbot_dns_desec:dns_desec_token = YOUR_DESEC_API_TOKEN
-dns_websupportsk_secret = <secret>
+certbot_dns_desec:dns_desec_endpoint = https://desec.io/api/v1/`,
-dns_websupportsk_domain = example.com`,
+		full_plugin_name: 'certbot-dns-desec:dns-desec',
 		full_plugin_name: 'dns-websupportsk',
 	},
 };
Author	SHA1	Message	Date
Jamie Curnow	a91dcb144d	Use model for db defaults as sqlite doesn't support them	2021-09-09 08:12:50 +10:00
Subv	e7f7be2a2b	OpenIDC: Trigger the change event of the "restrict users" toggle when enabling/disabling oidc. If this is not triggered and the OIDC toggle is enabled, the "disabled" property will be removed from the restricted user list input, causing an error when trying to submit the form without it.	2021-09-09 08:12:50 +10:00
Subv	076d89b5b5	Use localized strings for the OpenID Connect texts.	2021-09-09 08:12:50 +10:00
Subv	8539930f89	Updated the docs to add a section about OpenID Connect	2021-09-09 08:12:50 +10:00
Subv	87d9babbd3	Fix conditionals in the liquid template for OpenID Connect conf.	2021-09-09 08:12:50 +10:00
Subv	9f2d3a1737	Manually set the default values for the OpenID Connect columns. There is a Knex issue ( https://github.com/knex/knex/issues/2649 ) that prevents .defaultTo from working for text columns.	2021-09-09 08:12:50 +10:00
Subv	daf399163c	Allow limiting OpenID Connect auth to a list of users.	2021-09-09 08:12:50 +10:00
Subv	cdf702e545	Add a field to specify a list of allowed emails when using OpenID Connect auth.	2021-09-09 08:12:50 +10:00
Subv	5811345050	Use OpenResty instead of plain nginx to support OpenID Connect authorization.	2021-09-09 08:12:48 +10:00
Subv	53792a5cf7	Add database columns to store OpenID Connect information for Proxy Hosts.	2021-09-09 08:12:19 +10:00
Subv	8e10b7da37	Add UI tab for specifying OpenID Connect options for proxy hosts.	2021-09-09 08:12:19 +10:00